Setting Max User Processes
A single user has the capability to run a large number of processes. Linux is a multi-user operating system. Now, imagine multiple users running tons of processes. Even if each of the processes does not consume too many hardware resources on its own, the sum of all user processes may eventually hog the entire system. To avoid such a situation, system admins may limit the number of processes that each user can open.
The limit can be imposed temporarily or permanently. Depending on your target scenario, follow the most appropriate method.
Set Max User Processes Temporarily
This method temporarily changes the limit of the target user. If the user restarts the session or the system is rebooted, the limit will reset to the default value.
Ulimit is a built-in tool that is used for this task. Ulimit can impose limits on various resources for a particular user. The only downside (as mentioned earlier) is that it is temporary.
Log in as the target user and check the current process limit.
Next, define the limit to 12345.
Verify the change.
Set Max User Processes Permanently
The following method is more reliable in a real-life scenario. If the user logs out or the system reboots, the change will not disappear.
Here, we will still use the Ulimit tool. However, instead of directly making changes using the ulimit command, we will tweak the system configuration tool that Ulimit uses to assign the limits to the target users.
Check out the limits.conf. command below:
$ cat /etc/security/limits.conf
To add an entry to the file, it should be in the following format:
$ <domain> <type> <item> <value>
The following list provides a definition for each field:
- domain: A domain can be a user, user group, GUID ranges, etc.
- type: The type of the limit. It can be either hard or soft.
- item: What resource will be limited. For this guide, we’ll be using “nproc”.
- value: The value of the limit.
Next, we will discuss limit types. If you want the domain to have a maximum process limit hovering around a certain value, then you use the soft limit type. If you want the domain to have a maximum process limit at a fixed value, then you use the hard limit type.
As for the item fields, there are a number of these. For the full list, I recommend checking out the limits.conf man page.
Now, back to tweaking the limits.conf file. To edit the file, open it in your favorite text editor. Note that you must run the command with root privileges. Otherwise, the changes cannot be saved.
$ sudo vim /etc/security/limits.conf
The following line is just an example. It will set a hard limit of 12345 for the user viktor.
$ viktor hard nproc 12345
Save the file and close the editor. To take the changes into effect, the user may need to restart the session or the system may have to reboot.
Verify the result.
Limiting max user processes is a common task that system admins may have to perform. Hopefully, this guide was helpful in that regard.
If you are interested in learning more about how to impose limits on other resources, check out the article Linux ulimit command. Ulimit is the primary tool that imposes resource limits on users in Linux.