
Controlling Resource Access using ulimit

June 1, 2018 by The Urban Penguin

As we continue our study into Linux Security and the LPIC-3 303 exam, we now take a look at controlling the amount of resources that we make available to our users. We all know that if we give them everything then they will use everything. To maintain the integrity of the server we need to ensure our users cannot be too greedy. This is where we can use ulimit to control access to the precious resources of a server.

Each objective is available to view online. However, if you prefer to have all the content in one place and study from an eBook, then the objective ‘LPIC 3 Linux Security 326.1 Host Hardening’ is now available to download for just £0.99.


Ulimit and the limits.conf file

We start by investigating the command ulimit where we can display and set limits before we move onto static configuration which we set in the /etc/security/limits.conf file.

The command ulimit is a shell builtin, so to gain access to help we can use the BASH man page and search for ulimit.

$ type ulimit
ulimit is a shell builtin
$ man bash

When used on its own, without options or arguments, ulimit will display the soft file-size limit, in blocks, for the current user:

$ ulimit
unlimited

To see all soft limits we can use:

$ ulimit -a
.....

To see all hard limits we can use:

$ ulimit -Ha
...

A hard limit cannot be increased by a non-root user once it is set; a soft limit may be increased up to the value of the hard limit. The hard limit CAN be reduced by a standard user.

If we want to see a specific resource limit we just need to use the correct option. The -a option will print all limits and their specific options. To see the soft limit configured for the number of processes we can use:

$ ulimit -u
3843

Or, specifically addressing the soft limit:

$ ulimit -Su
3843

The hard limit is the same on my Ubuntu 18.04 server. This limits me to a maximum of 3843 processes running at the same time. Like many of the default resource limits, this is probably a little high. Let us show how this can cause issues on your server. Our server only has 1GB of RAM and this memory will run out well before we hit the maximum number of available processes. We can demonstrate this with a simple shell script. This script is meant to be destructive, at least to a degree, so take care on your own systems.

We will create a shell script that calls itself; this means that we will keep creating new processes until the system gives up.

#!/bin/bash
# Print this shell's process ID
echo $$
# Run this script again as a new child process
$0

The script will print the current process ID before calling itself. Each time it is called a new BASH shell is opened.

Executing the script will show the creation of new processes for a little while, but then my system shows memory issues before we hit the 3843 processes. This is why we should limit access to all resources to more realistic levels. This may be a little hit or miss to start with, so you can test on sample users before implementing across more users.

First, if we change our own limit:

$ ulimit -Su 200
$ ulimit -Hu 400

These settings configure a soft limit of 200 processes and an upper limit of 400 processes. The upper limit is the maximum level that I can raise the soft limit to. As a standard user I cannot increase the hard limit.

Executing the script now, we will stop after the 200 processes and before the memory is exhausted. In this way we have protected the server and maintained the availability of the server to all users.

Configuring these transient limits is useful for testing, but once we want to implement a longer test cycle we can add the settings to the /etc/security/limits.conf file. This is where the administrator implements restrictions. The file is well documented; we can impose restrictions for users, groups and all users. A user is identified by username, groups are denoted with the @ prefix and the * is used for all users. Adding the following two lines will implement the same settings we made before for the user account named ubuntu.

ubuntu  soft nproc 200
ubuntu  hard nproc 400

The settings become effective on the next login for the user. Once the correct settings have been identified, you can consider rolling the configuration out to more users using groups or the asterisk. We have also only considered a single resource here, the number of processes. Each server resource can be considered valuable and should be protected from misuse.
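As an added example (not part of the original article), the following script resolves which nproc values a limits.conf-style file would give a user when username, @group and * entries overlap, which is worth checking before rolling a configuration out to groups or all users. The function names, the sample entries and the precedence rule (username over @group over *, with the last line winning at the same level) are assumptions of this example, and only those three domain forms are handled.

```shell
#!/bin/sh
# Added example: resolve the nproc limits that limits.conf-style text gives a user.
# Assumed precedence: username > @group > "*"; at one level the last line wins.

# Constructed sample content, not taken from a real system.
sample_limits() {
cat <<'EOF'
# <domain> <type> <item> <value>
*        soft  nproc  1000
*        hard  nproc  2000
@devs    soft  nproc  500
ubuntu   soft  nproc  200
ubuntu   hard  nproc  400
alice    -     nproc  150
EOF
}

# effective_nproc USER "GROUP1 GROUP2 ..."   (limits.conf text on stdin)
# Prints "soft=<value> hard=<value>"; "unset" means no line applies.
effective_nproc() {
    awk -v user="$1" -v grps="$2" '
    BEGIN {
        n = split(grps, g, " ")
        for (i = 1; i <= n; i++) member["@" g[i]] = 1
        soft = "unset"; hard = "unset"; soft_rank = 0; hard_rank = 0
    }
    # Skip comments, short lines and every item other than nproc.
    $1 ~ /^#/ || NF < 4 || $3 != "nproc" { next }
    {
        if ($1 == user)        rank = 3
        else if ($1 in member) rank = 2
        else if ($1 == "*")    rank = 1
        else next
        # Group and wildcard entries are not applied to root.
        if (user == "root" && rank < 3) next
        # A "-" in the type column sets both the soft and the hard limit.
        if (($2 == "soft" || $2 == "-") && rank >= soft_rank) { soft = $4; soft_rank = rank }
        if (($2 == "hard" || $2 == "-") && rank >= hard_rank) { hard = $4; hard_rank = rank }
    }
    END { print "soft=" soft " hard=" hard }'
}

# Demonstration on the constructed sample: prints soft=200 hard=400
sample_limits | effective_nproc ubuntu "devs"
```

On a real host the same function can be fed /etc/security/limits.conf on stdin with the output of `id -Gn` for the user as the group list; the result reflects only the text supplied on stdin.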
