Linux - Limits and Quotas
ulimit
ulimit -a # show all limits
ulimit -n # Check max open file descriptors
ulimit -u # Check max user processes
ulimit -m # Check max memory usage (if supported)
ulimit -n 1048576 # set max open file descriptors ( only this session )
ulimit -u 65535 # set max user processes ( only this session )
ulimit -c unlimited # enable core dumps
- soft # Limits applied by default.
- hard # Maximum allowed limit (users can increase up to this value).
- Soft limits canโt exceed hard limits
ulimit -Sn # Max open files
ulimit -Su # Max user processes
ulimit -Sn 1048576 # Set soft limit for open files
ulimit -Hn # Max open files
ulimit -Hu # Max user processes
ulimit -Hn 1048576 # Set max open files to 1,048,576
| Option | Description | Example |
| -n | Max open file descriptors | ulimit -n 1048576 |
| -u | Max user processes | ulimit -u 65535 |
| -m | Max memory (KB) | ulimit -m unlimited |
| -v | Max virtual memory (KB) | ulimit -v unlimited |
| -s | Stack size (KB) | ulimit -s 8192 |
| -c | Core dump size (KB) | ulimit -c unlimited |
| -t | Max CPU time (seconds) | ulimit -t 600 |
| -f | Max file size (KB) | ulimit -f unlimited |
PAM needs to be configured to enforce limits from limits.conf:
sudo nano /etc/pam.d/common-session
session required pam_limits.so
Per user:
/etc/security/limits.conf # For Individual Users, all login sessions
user1 hard nofile 1048576
user1 soft nofile 1048576
user1 hard nproc 65535
user1 soft nproc 65535
/etc/security/limits.d/custom.conf # keep separate for system wide
* hard nofile 1048576
* soft nofile 1048576
* hard nproc 65535
* soft nproc 65535
- To apply changes user must logout. Rebooting will ensure systemwide application.
Big example:
# ๐น Apply limits to ALL users
* soft nofile 1048576 # Default max open files
* hard nofile 1048576 # Max open files (cannot exceed this)
* soft nproc 65535 # Default max user processes
* hard nproc 65535 # Max user processes
# ๐น Apply limits to a specific user (e.g., trader)
trader soft nofile 2097152 # Increase open files for trading apps
trader hard nofile 2097152
trader soft nproc 131072 # Allow more processes
trader hard nproc 131072
# ๐น Apply limits to a group (e.g., developers)
@developers soft memlock unlimited # Allow unlimited memory lock (for real-time apps)
@developers hard memlock unlimited
@developers soft stack 8388608 # Increase stack size
@developers hard stack 8388608
# ๐น Specific Limits for SSH Sessions
* soft maxlogins 5 # Max SSH logins per user
* hard maxlogins 10
# ๐น Prevent "fork bombs" (limits max user processes)
* soft nproc 50000
* hard nproc 100000
# ๐น Limit core dump size (useful for security)
* soft core 0
* hard core 0
# ๐น Limit CPU time (in minutes)
* soft cpu 1440 # 24 hours max CPU usage
* hard cpu 2880 # 48 hours max CPU usage
# ๐น Restrict max file size (prevent large file dumps)
* soft fsize 104857600 # 100MB max file size
* hard fsize 209715200 # 200MB max file size
# ๐น Restrict locked memory for all users except root
* soft memlock 67108864 # 64MB
* hard memlock 134217728 # 128MB
# ๐น Allow root unlimited resources
root soft nofile unlimited
root hard nofile unlimited
root soft nproc unlimited
root hard nproc unlimited
root soft memlock unlimited
root hard memlock unlimited
Systemd Limits
System-Wide limits:
/etc/systemd/system.conf # system wide, all services and users including root
/etc/systemd/user.conf # user services managed by systemd, started with systemctl --user, not procs started manually
DefaultLimitNOFILE=1048576
DefaultLimitNPROC=65535
Apply:
sudo sysctl -p
May be needed for systemd settings to take effect:
sudo systemctl daemon-reexec # Reload systemd
sudo reboot # Required for some changes