How would I over-ride a group setting in limits.conf?

Hi, If I had a user billy, and billy is in the sales group.

I set the sales group to have a process limit of 20 in /etc/security/limits.conf but for some special reason, I need to make it so that billy has the default process limit on the system, how would I do that?

I made an entry just for billy in /etc/security/limits.conf with a wildcard, and a blank value for the value of nproc, but the group value for sales stays the effective value.


Thank you!

  • post-author-pic
    Stosh O
    09-14-2018

    Hi Glen,

    Per man limits.conf:

    "In general, individual limits have priority over group limits, so if

    you impose no limits for admin group, but one of the members in this

    group have a limits line, the user will have its limits set according

    to this line."


    I would think your configuration should work.  Do you mind posting what your limits.conf file looks like?

  • post-author-pic
    Glen R
    09-18-2018

    Hi Stosh, thanks for helping me with this. Here is the ending of my limits .conf file# /etc/security/limits.conf
    #
    #This file sets the resource limits for the users logged in via PAM.
    #It does not affect resource limits of the system services.
    #
    #Also note that configuration files in /etc/security/limits.d directory,
    #which are read in alphabetical order, override the settings in this
    #file in case the domain is the same or more specific.
    #That means for example that setting a limit for wildcard domain here
    #can be overriden with a wildcard setting in a config file in the
    #subdirectory, but a user specific setting here can be overriden only
    #with a user specific setting in the subdirectory.
    #
    #Each line describes a limit for a user in the form:
    #
    #<domain> <type> <item> <value>
    #
    #Where:
    #<domain> can be:
    # - a user name
    # - a group name, with @group syntax
    # - the wildcard *, for default entry
    # - the wildcard %, can be also used with %group syntax,
    # for maxlogin limit
    #
    #<type> can have the two values:
    # - "soft" for enforcing the soft limits
    # - "hard" for enforcing hard limits
    #
    #<item> can be one of the following:
    # - core - limits the core file size (KB)
    # - data - max data size (KB)
    # - fsize - maximum filesize (KB)
    # - memlock - max locked-in-memory address space (KB)
    # - nofile - max number of open file descriptors
    # - rss - max resident set size (KB)
    # - stack - max stack size (KB)
    # - cpu - max CPU time (MIN)
    # - nproc - max number of processes
    # - as - address space limit (KB)
    # - maxlogins - max number of logins for this user
    # - maxsyslogins - max number of logins on the system
    # - priority - the priority to run user process with
    # - locks - max number of file locks the user can hold
    # - sigpending - max number of pending signals
    # - msgqueue - max memory used by POSIX message queues (bytes)
    # - nice - max nice priority allowed to raise to values: [-20, 19]
    # - rtprio - max realtime priority
    #
    #<domain> <type> <item> <value>
    #

    #* soft core 0
    #* hard rss 10000
    #@student hard nproc 20
    #@faculty soft nproc 20
    #@faculty hard nproc 50
    #ftp hard nproc 0
    #@student - maxlogins 4
    @sales - nproc 20
    billy - nproc *
    # End of file

    id billy

    uid=1002(billy) gid=1004(billy) groups=1004(billy),1003(sales)







  • post-author-pic
    Stosh O
    09-18-2018

    Try using the value 'unlimited' for bill insted of the wildcard.  It would appear that the 'default' value suggested by using the astrisk is the value of the users group.

  • post-author-pic
    Glen R
    09-18-2018

    Hi Stosh, that produces billy having unlimited processes, but it does not set the billy user account to having 4096 processes. I can manually input 4096, but I wonder if there is another value I can substitute for 4096 that would be the system's default value for that item. I tried "default" and that didnt work.

Looking For Team Training?

Learn More