Understanding and configuring system resource limits
When working with a computer system, we need to ensure that it behaves as expected and can handle the workload we put on it. For this purpose, we need to carefully define and configure the limits of system resources such as CPU usage, memory allocation, disk space, and network I/O. In this blog post, we will discuss the importance of understanding and configuring these resource limits, as well as how to set them up on a Linux-based system.
Why are System Resource Limits Important?
System resource limits are important because they help prevent a system from becoming overloaded and unresponsive. Without properly defined resource limits, a single process can consume all available system resources, making other processes slow or even unresponsive. Additionally, system resource limits can help protect against malicious attacks, as certain types of attacks can consume large amounts of system resources in a short amount of time.
System Resource Limits in Linux
In Linux, system resource limits are defined and managed using the PAM (Pluggable Authentication Modules) framework. Specifically, PAM modules are used to set and enforce limits on individual users or groups of users. To set these limits, we can use the ulimit command or modify system files such as /etc/security/limits.conf and /etc/security/limits.d/. These files allow us to set limits for specific users or groups based on various criteria, such as the type of resource being limited and the system hostname.
Setting Resource Limits with ulimit
The ulimit command can be used to set resource limits for the current shell session, or for a specific command or script. For example, the following command sets the maximum number of open files to 1000 for the current shell session:
ulimit -n 1000
This command limits the number of open files to 1000, which means that if a process tries to open more than 1000 files, it will receive an error message. Similarly, we can set the maximum amount of CPU time a process can use, the maximum amount of memory it can allocate, and the maximum size of files it can create.
Resource Limits in /etc/security/limits.conf
To set resource limits for all users of a Linux system, we can use the /etc/security/limits.conf file. This file defines the maximum limits for system resources such as CPU usage, memory allocation, and disk space. The syntax for setting limits in this file is as follows:
<domain> <type> <item> <value>
Where domain is either a user or a group, type is the type of resource being limited (e.g., cpu, memory, etc.), item is the specific item being limited (e.g., max CPU time, max memory size, etc.), and value is the maximum value allowed for that item. For example, to set a limit of 2GB on the amount of memory a user can allocate, we can add the following line to /etc/security/limits.conf:
* hard rss 2048000
In this case, the * character specifies that this limit applies to all users, the hard keyword indicates that this is a hard limit (i.e., it cannot be exceeded), rss specifies that we are limiting resident set size (i.e., the amount of physical memory allocated to a process), and 2048000 is the limit in kilobytes.
Resource Limits in /etc/security/limits.d/
We can also set resource limits for specific users or groups by creating files in the /etc/security/limits.d/ directory. These files should follow the same syntax as /etc/security/limits.conf, but with one limit per line. For example, to set limits for the user jdoe, we can create a file called /etc/security/limits.d/jdoe.conf, and add the following lines:
jdoe soft core 1000000
jdoe hard nproc 20
In this case, we are setting a soft limit of 1GB on the size of core dump files that can be generated by the user jdoe, and a hard limit of 20 on the maximum number of processes that can be run by this user.
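The following Python linter is an added example, not code from the original post or from pam_limits. It checks entries in the <domain> <type> <item> <value> format, where the type field is soft, hard or - (as in the hard and soft lines above), and flags malformed lines, unknown items, a soft limit set above its hard limit, and rss entries, which limits.conf(5) documents as ignored on Linux 2.4.30 and later. The function name lint_limits and sample lines 4-6 are constructed for illustration.

```python
KNOWN_ITEMS = set(  # item names documented in limits.conf(5)
    "core data fsize memlock nofile rss stack cpu nproc as maxlogins "
    "maxsyslogins priority locks sigpending msgqueue nice rtprio".split())
NO_LIMIT = {"unlimited", "infinity", "-1"}
SIGNED = {"nice", "priority"}  # here -1 is a real value, not "no limit"

def lint_limits(text):
    """Return (line_number, message) findings for limits.conf-style text."""
    findings, seen = [], {}  # seen[(domain, item)] -> {"soft": n, "hard": n}
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not fields:
            continue
        if len(fields) != 4:
            findings.append((n, "expected <domain> <type> <item> <value>"))
            continue
        domain, ltype, item, value = fields
        if ltype not in ("soft", "hard", "-"):
            findings.append((n, f"type must be soft, hard or -, got {ltype!r}"))
            continue
        if item not in KNOWN_ITEMS:
            findings.append((n, f"unknown item {item!r}"))
            continue
        try:
            unlimited = value in NO_LIMIT and item not in SIGNED
            num = float("inf") if unlimited else int(value)
        except ValueError:
            findings.append((n, f"value {value!r} is not a number"))
            continue
        if item == "rss":  # RLIMIT_RSS has no effect on current kernels
            findings.append((n, "rss is ignored by Linux 2.4.30 and later"))
        pair = seen.setdefault((domain, item), {})
        for t in (("soft", "hard") if ltype == "-" else (ltype,)):  # "-" sets both
            pair[t] = num
        if item not in SIGNED and pair.get("soft", 0) > pair.get("hard", float("inf")):
            findings.append((n, f"soft {item} exceeds hard limit for {domain}"))
    return findings

# Constructed sample: lines 1-3 are the entries from the text, 4-6 are mistakes.
SAMPLE = """\
* hard rss 2048000
jdoe soft core 1000000
jdoe hard nproc 20
jdoe soft nproc 50
jdoe hard memory 1024
@dev cpu 10
"""

if __name__ == "__main__":
    print(*lint_limits(SAMPLE), sep="\n")
```

Running it on the sample reports the rss entry on line 1, so a memory cap written that way needs a different item (limits.conf(5) lists as, the address space limit in KB) to be enforced.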
Additional Resources
To learn more about system resource limits and how to configure them on a Linux system, check out the following resources:
- PAM Resource Limits: https://linux.die.net/man/8/pam_limits
- ulimit Command Manual: https://linux.die.net/man/1/ulimit
- Linux Resource Limits: https://www.tecmint.com/set-limits-on-user-processes-in-linux/