PAM module to limit resources
' pam_limits.so 'u pam_limits.so [conf= /path/to/limits.conf ][debug] [set_all] [utmp_early] [noaudit]
The pam_limits PAM module sets limits on the system resources that can be obtained in a user -session . Users of uid=0 are affected by this limits, too .
By default limits are taken from the /etc/security/limits .conf config file . Then individual * .conf files from the /etc/security/limits .d/ directory are read . The files are parsed one after another in the order of "C" locale . The effect of the individual files is the same as if all the files were concatenated together in the order of parsing . If a config file is explicitly specified with a module option then the files in the above directory are not parsed .
The module must not be called by a multithreaded application .
If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions .
conf= /path/to/limits.conf Indicate an alternative limits .conf style configuration file to override the default .
debug Print debug information .
set_all Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1 .
utmp_early Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system . If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system -wide consistency with a single limits .conf file .
noaudit Do not report exceeded maximum logins count to the audit subsystem .
Only the session module type is provided .
PAM_ABORT Cannot get current limits .
PAM_IGNORE No limits found for this user .
PAM_PERM_DENIED New limits could not be set .
PAM_SERVICE_ERR Cannot read config file .
PAM_SESSION_ERR Error recovering account name .
PAM_SUCCESS Limits were changed .
PAM_USER_UNKNOWN The user is not known to the system .
/etc/security/limits .conf Default configuration file
For the services you need resources limits (login for example) put a the following line in /etc/pam .d/login as the last line for that service (usually after the pam_unix session line):.RS 4
#%PAM -1 .0 # # Resource limits imposed on login sessions via pam_limits # session required pam_limits .so
Replace "login" for each service you are using this module .
pam_limits was initially written by Cristian Gafton <gafton@redhat .com>
limits.conf(5), pam.d(5), pam(8).