Working with ulimit in Linux [Beginners Guide]


Rocky Linux

Author: Omer Cakmak
Reviewer: Deepak Prasad

ulimit is a Linux shell command that allows to view or limit the amount of system resources consumed by local Linux users.

The ulimit command comes with shell(bash,sh,zsh etc) packages on Linux systems. The default shell in most Linux distribution is bash. As with most operating systems, it is installed during installation. Ulimit usage, may vary depending on the shell (bash, sh, zsh, csh etc.) used. Parameters can be named more or less differently.

Changes made with Ulimit are temporary. The /etc/security/limits.conf file is pointed to for permanent limits. However, it is recommended to proceed by creating a new configuration file under the /etc/security/limits.d directory.

 

Understanding ulimit usage

If you haven't used the ulimit command before, run the following command in terminal to see your local user limits:

[foc@rocky9 ~]$ ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) 0
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 5694
max locked memory           (kbytes, -l) 64
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1024
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 5694
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

You can see that some values have unlimited and some values have a certain limit.

List what you can do with ulimit by typing the following command in the terminal:

[foc@rocky9 ~]$ ulimit --help
ulimit: ulimit [-SHabcdefiklmnpqrstuvxPT] [limit]
    Modify shell resource limits.
    Options:
      -S	use the `soft' resource limit
      -H	use the `hard' resource limit
      -a	all current limits are reported
      -b	the socket buffer size
      -c	the maximum size of core files created
      -d	the maximum size of a process's data segment
      -e	the maximum scheduling priority (`nice')
      -f	the maximum size of files written by the shell and its children
      -i	the maximum number of pending signals
      -k	the maximum number of kqueues allocated for this process
      -l	the maximum size a process may lock into memory
      -m	the maximum resident set size
      -n	the maximum number of open file descriptors
      -p	the pipe buffer size
      -q	the maximum number of bytes in POSIX message queues
      -r	the maximum real-time scheduling priority
      -s	the maximum stack size
      -t	the maximum amount of cpu time in seconds
      -u	the maximum number of user processes
      -v	the size of virtual memory
      -x	the maximum number of file locks
      -P	the maximum number of pseudoterminals
      -R	the maximum time a real-time process can run before blocking
      -T	the maximum number of threads

When you run these parameters in plain form with the active user, it shows the value of that parameter. For example, with the max user process -u parameter:

[foc@rocky9 ~]$ ulimit -u
5701

you can learn the max locked memory limit of that user with the -l parameter:

[foc@rocky9 ~]$ ulimit -l
64

Hard (-H) and soft (-S) limits are given for each value to be limited. Parameters are written side by side to display values such as hard-soft:

[foc@rocky9 ~]$ ulimit -Hu
5701
[foc@rocky9 ~]$ ulimit -Hl
64

The soft limit is the limit allocated for the actual processing of users. The hard limit is an upper (final limit) limit of the soft limit values.

 

Limiting different types of resource limits with ulimit

One thing to consider when changing the limit is that the soft limit should not be more than the hard limit. The rule is expressed as:

soft limits <= hard limit

Increase ulimit values for 5 frequently used values.

 

Example -1 Modify File Size Limit

To increase the file size value, a new value must be written after the -f parameter:

[foc@rocky9 ~]$ ulimit -f 1050

In the last case file size:

[foc@rocky9 ~]$ ulimit -f
1050

 

Example -2 Modify Max Memory Size

To increase max memory size:

[foc@rocky9 ~]$ ulimit -m 1024

Max memory size status:

[foc@rocky9 ~]$ ulimit -m
1024

 

Example -3 Modify Open File Limit

Open files previous value:

[foc@rocky9 ~]$ ulimit -n
1024

Let's increase:

[foc@rocky9 ~]$ ulimit -n 1280

Latest status:

[foc@rocky9 ~]$ ulimit -n
1280

 

Example -4 Modify Max User Processes Limit

To change the maximum number of processes the user can create:

[foc@rocky9 ~]$ ulimit -u 4096

Let's take the final state:

[foc@rocky9 ~]$ ulimit -u
4096

 

Example -5 Modify Virtual Memory Limit

Finally, let's increase the virtual memory value:

[foc@rocky9 ~]$ ulimit -v 1024

Let's look at the virtual memory value:

[foc@rocky9 ~]$ ulimit -v
1024

We shared examples of increasing 5 values above.

 

Bonus Tip

These values will return to default when the user logs out and re-enters.

You can write these values to .bashrc file for automatic application when user login.

[foc@rocky9 ~]$ nano ~/.bashrc

ulimit -f 2050
ulimit -m 2024
ulimit -n 2280
ulimit -u 2096
ulimit -v 10240

Save and exit the file. Let's user logout and login. View the limits:

[foc@rocky9 ~]$ ulimit -a
file size (blocks, -f) 2050
max memory size (kbytes, -m) 2024
open files (-n) 2280
max user processes (-u) 2096
virtual memory (kbytes, -v) 10240

 

How to modify ulimit permanently?

In the previous section we applied ulimit changes to individual users via terminal which we know is non-persistent. To make them persistent we added the changes to individual user's .bashrc file. But instead of that it is recommended to add all custom ulimit changes inside /etc/security/limits.d file which will automatically be considered every time a user with matching ruleset logs in to the server.

Let's create an example configuration file for the following values:

  • - core - limits the core file size (KB)
  • - data - max data size (KB)
  • - fsize - maximum filesize (KB)
  • - stack - max stack size (KB)
  • - nproc - max number of processes
  • - maxlogins - max number of logins for this user
  • - maxsyslogins - max number of logins on the system

 

Apply ulimit to users

Create a file named user_limits.conf:

[foc@rocky9 ~]$ sudo nano /etc/security/limits.d/user_limits.conf
#For foc user
foc soft core 1024
foc soft data 4096
foc hard fsize 1048576
foc soft maxlogins 4
foc hard maxsyslogins 6
foc soft stack 512

#For faruk user
faruk soft core 2048
faruk soft data 3072
faruk hard fsize 1048576
faruk soft maxlogins 2
faruk hard maxsyslogins 3
faruk soft nproc 1200

For example, we added hard and soft limit lines for users. To see the changes, you must do one of the following:

  • Log out of ssh connection and log back in
  • Log out session and log back with user.
NOTE:
Changes in limits.conf do not require reboot. You just need to close your active session and start a new session to pick the new changes.

Show limits for foc and faruk users. For foc user:

[foc@rocky9 ~]$ ulimit -a

core file size (blocks, -c) 1024
data seg size (kbytes, -d) 4096
file size (blocks, -f) 1048576
stack size (kbytes, -s) 512

Switch to user faruk

[foc@rocky9 ~]$ su - faruk
Password:
Last login: Mon Oct 3 23:11:30 +03 2022 on pts/0

Ulimit for faruk user:

[faruk@rocky9 ~]$ ulimit -a
core file size (blocks, -c) 2048
data seg size (kbytes, -d) 3072
file size (blocks, -f) 1048576
max user processes (-u) 1200

Try logging in more than the specified value from different terminals for the max login value. You will encounter the following warning:

foc@fedora:~$ ssh -l foc 192.168.122.238
foc@192.168.122.238's password: 
There were too many logins for 'foc'.
Last login: Mon Oct 3 23:26:30 2022 from 192.168.122.1
Connection to 192.168.122.238 closed.

For faruk user:

foc@fedora:~$ ssh -l faruk 192.168.122.238
faruk@192.168.122.238's password:
There were too many logins for 'faruk'.
Last login: Mon Oct 3 23:26:30 2022 from 192.168.122.1
Connection to 192.168.122.238 closed.

 

Apply ulimit to groups

We defined it for users, let's create an example file for user groups:

[foc@rocky9 ~]$ sudo nano /etc/security/limits.d/group_limits.conf

#For worker group
@worker hard rss 10000
@worker soft as 12000

#For test01 group
@test01 hard rss 11000
@test01 soft as 13000

The foc user is in the worker group, and the faruk user is in the test01 group. You can define different limits according to the groups that users belong to. In this way, you do not have to make separate definitions for each user.

In the last case, the values in KB can be seen with the following command.

[faruk@rocky9 ~]$ cat /proc/$(ps -uax | grep faruk | head -1 |awk {'print $2'})/limits 
Limit                     Soft Limit           Hard Limit           Units       
Max resident set          11264000             11264000             bytes     
Max address space         13312000             unlimited            bytes     
[foc@rocky9 ~]$ cat /proc/$(ps -uax | grep foc | head -1 |awk {'print $2'})/limits
Limit                     Soft Limit           Hard Limit           Units     
Max resident set          10240000             10240000             bytes       
Max address space         12288000             unlimited            bytes

Each value you set is now permanent. You can now increase limit using the opportunities offered by ulimit.

 

Summary

Increasing user limits may be appropriate for short-term access. Permanent limit increase is usually used by users who manage the application. In systems with central user management, these actions will not be needed.

We recommend that you try the limit increase experience on test systems first.

 

References

Redhat.com - How to set ulimit values
gist.github.com - How to increase ulimit in Linux

 

Omer Cakmak

Omer Cakmak

He is highly skilled at managing Debian, Ubuntu, CentOS, Oracle Linux, and Red Hat servers. Proficient in bash scripting, Ansible, and AWX central server management, he handles server operations on OpenStack, KVM, Proxmox, and VMware. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment