/etc/security/limits.conf
Understanding /etc/security/limits.conf file
Each line describes a limit for a user in the form:
Where:
*
o an user name
o a group name, with @group syntax
o the wildcard *, for default entry
o the wildcard %, can be also used with %group syntax, for maxlogin limit
*
o “soft” for enforcing the soft limits
o “hard” for enforcing hard limits
*
o core - limits the core file size (KB)
*
o core - limits the core file size (KB)
o data - max data size (KB)
o fsize - maximum filesize (KB)
o memlock - max locked-in-memory address space (KB)
o nofile - max number of open files
o rss - max resident set size (KB)
o stack - max stack size (KB)
o cpu - max CPU time (MIN)
o nproc - max number of processes
o as - address space limit
o maxlogins - max number of logins for this user
o maxsyslogins - max number of logins on the system
o priority - the priority to run user process with
o locks - max number of file locks the user can hold
o sigpending - max number of pending signals
o msgqueue - max memory used by POSIX message queues (bytes)
o nice - max nice priority allowed to raise to
o rtprio - max realtime priority
o chroot - change root to directory (Debian-specific)
Login as the root and open configuration file:
# vi /etc/security/limits.conf
Following will prevent a “fork bomb”:
vivek hard nproc 300
@student hard nproc 50
@faculty soft nproc 100
@pusers hard nproc 200
Above will prevent anyone in the student group from having more than 50 processes, faculty and pusers group limit is set to 100 and 200. Vivek can create only 300 process. Please note that KDE and Gnome desktop system can launch many process.
Save and close the file. Test your new system by dropping a form bomb:
$ :(){ :|:& };:
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου