How would I over-ride a group setting in limits.conf?

Hi, If I had a user billy, and billy is in the sales group.

I set the sales group to have a process limit of 20 in /etc/security/limits.conf but for some special reason, I need to make it so that billy has the default process limit on the system, how would I do that?

I made an entry just for billy in /etc/security/limits.conf with a wildcard, and a blank value for the value of nproc, but the group value for sales stays the effective value.

Thank you!

  • post-author-pic
    Stosh O

    Hi Glen,

    Per man limits.conf:

    "In general, individual limits have priority over group limits, so if

    you impose no limits for admin group, but one of the members in this

    group have a limits line, the user will have its limits set according

    to this line."

    I would think your configuration should work.  Do you mind posting what your limits.conf file looks like?

  • post-author-pic
    Glen R

    Hi Stosh, thanks for helping me with this. Here is the ending of my limits .conf file# /etc/security/limits.conf
    #This file sets the resource limits for the users logged in via PAM.
    #It does not affect resource limits of the system services.
    #Also note that configuration files in /etc/security/limits.d directory,
    #which are read in alphabetical order, override the settings in this
    #file in case the domain is the same or more specific.
    #That means for example that setting a limit for wildcard domain here
    #can be overriden with a wildcard setting in a config file in the
    #subdirectory, but a user specific setting here can be overriden only
    #with a user specific setting in the subdirectory.
    #Each line describes a limit for a user in the form:
    #<domain> <type> <item> <value>
    #<domain> can be:
    # - a user name
    # - a group name, with @group syntax
    # - the wildcard *, for default entry
    # - the wildcard %, can be also used with %group syntax,
    # for maxlogin limit
    #<type> can have the two values:
    # - "soft" for enforcing the soft limits
    # - "hard" for enforcing hard limits
    #<item> can be one of the following:
    # - core - limits the core file size (KB)
    # - data - max data size (KB)
    # - fsize - maximum filesize (KB)
    # - memlock - max locked-in-memory address space (KB)
    # - nofile - max number of open file descriptors
    # - rss - max resident set size (KB)
    # - stack - max stack size (KB)
    # - cpu - max CPU time (MIN)
    # - nproc - max number of processes
    # - as - address space limit (KB)
    # - maxlogins - max number of logins for this user
    # - maxsyslogins - max number of logins on the system
    # - priority - the priority to run user process with
    # - locks - max number of file locks the user can hold
    # - sigpending - max number of pending signals
    # - msgqueue - max memory used by POSIX message queues (bytes)
    # - nice - max nice priority allowed to raise to values: [-20, 19]
    # - rtprio - max realtime priority
    #<domain> <type> <item> <value>

    #* soft core 0
    #* hard rss 10000
    #@student hard nproc 20
    #@faculty soft nproc 20
    #@faculty hard nproc 50
    #ftp hard nproc 0
    #@student - maxlogins 4
    @sales - nproc 20
    billy - nproc *
    # End of file

    id billy

    uid=1002(billy) gid=1004(billy) groups=1004(billy),1003(sales)

  • post-author-pic
    Stosh O

    Try using the value 'unlimited' for bill insted of the wildcard.  It would appear that the 'default' value suggested by using the astrisk is the value of the users group.

  • post-author-pic
    Glen R

    Hi Stosh, that produces billy having unlimited processes, but it does not set the billy user account to having 4096 processes. I can manually input 4096, but I wonder if there is another value I can substitute for 4096 that would be the system's default value for that item. I tried "default" and that didnt work.

Looking For Team Training?

Learn More