Master Linux Resource Limits: /etc/security/limits.conf, ulimit, and systemd Settings
This guide explains how to configure Linux resource limits using /etc/security/limits.conf, the limits.d directory, ulimit commands, and systemd unit files, covering syntax, override rules, common pitfalls, and practical examples for both temporary and permanent settings.
1. /etc/security/limits.conf Details
This file is the configuration for the PAM module pam_limits.so. Its limits apply per login session and do not affect system services. Files in /etc/security/limits.d/ are read in alphabetical order and can override the main file.
/etc/security/limits.conf Configuration
# /etc/security/limits.conf
# This file sets the resource limits for the users logged in via PAM.
# It does not affect resource limits of the system services.
# Also note that configuration files in /etc/security/limits.d directory,
# which are read in alphabetical order, override the settings in this file
# if the domain is the same or more specific.
# Each line describes a limit for a user in the form:
# <domain> <type> <item> <value>
# <domain> can be a user name, a group name (@group), the wildcard * (default for all users),
# or % (used for maxlogin limit).
# <type> can be "soft" (soft limit) or "hard" (hard limit).
# <item> can be core, data, fsize, memlock, nofile, rss, stack, cpu, nproc, as,
# maxlogins, maxsyslogins, priority, locks, sigpending, msgqueue, nice, rtprio, etc.
# Example entries:
* soft core 0
* hard rss 10000
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
/etc/security/limits.d/ Directory
The directory contains default files such as *-nproc.conf for thread limits. Custom .conf files can be added here.
CentOS 7 uses /etc/security/limits.d/20-nproc.conf with default soft nproc 4096 and unlimited for root.
CentOS 6 uses /etc/security/limits.d/90-nproc.conf.
2. ulimit Configuration
Configuration Tips
Do not set nofile to unlimited. Setting nofile above 1048576 (2^20) will prevent SSH login. The soft limit must not exceed the hard limit.
Basic Configuration
Place custom limits in /etc/security/limits.d/ rather than directly in /etc/security/limits.conf, e.g., create /etc/security/limits.d/20-nofile.conf and /etc/security/limits.d/20-nproc.conf.
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
* - nproc 65535
root soft nproc unlimited
root hard nproc unlimited
Override Cases
Example 1: When both /etc/security/limits.conf and /etc/security/limits.d/20-nofile.conf define nofile, the value from the file in limits.d overrides the main file.
Example 2: Soft limits cannot be larger than hard limits; otherwise the configuration is ignored.
Only specific configurations can be overridden. Files in /etc/security/limits.d/ can override those in limits.conf. Both soft and hard limits must be set to take effect. nofile cannot be set to unlimited. The maximum allowed value for nofile is 1048576. The soft limit must be ≤ the hard limit.
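The pitfalls listed above can be caught before the next login attempt. The following linter is an added example, not part of the original article; the function names lint_limits and make_sample and the sample entries are constructed for illustration. It flags nofile set to unlimited, nofile above 1048576, and a soft limit above the hard limit.

```sh
#!/bin/sh
# Added example, not from the original article: lint limits.conf-style files.
NOFILE_MAX=1048576   # ceiling quoted in this guide (2^20)

# lint_limits FILE...  Pass limits.conf first, then limits.d/*.conf in
# alphabetical order, so a later entry replaces an earlier one for the same
# domain and item. Prints one finding per line; returns 1 if any were found.
lint_limits() {
    awk -v max="$NOFILE_MAX" '
    function num(v) { return (v ~ /^(unlimited|infinity|-1)$/) ? -1 : v + 0 }
    function flag(msg) { print msg; bad = 1 }
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    NF < 4 { flag(FILENAME ":" FNR ": malformed entry"); next }
    $3 == "nice" || $3 == "priority" { next }        # -1 is a real value here
    {
        key = $1 " " $3; v = num($4); where[key] = FILENAME ":" FNR
        if ($3 == "nofile" && v == -1) flag(where[key] ": nofile set to unlimited")
        if ($3 == "nofile" && v > max) flag(where[key] ": nofile " v " exceeds " max)
        if ($2 == "soft" || $2 == "-") soft[key] = v
        if ($2 == "hard" || $2 == "-") hard[key] = v
    }
    END {
        for (k in soft) {
            if (!(k in hard) || hard[k] == -1) continue
            if (soft[k] == -1 || soft[k] > hard[k])
                flag(where[k] ": soft exceeds hard for [" k "]")
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample tree (not real system files).
make_sample() {
    d=$(mktemp -d) && mkdir "$d/limits.d" || return 1
    printf '%s\n' '* soft nofile 65535' '* hard nofile 65535' > "$d/limits.conf"
    printf '%s\n' '# constructed' '* hard nofile 2097152' \
        'app soft nproc 8192' 'app hard nproc 4096' \
        'db - nofile unlimited' > "$d/limits.d/20-nofile.conf"
    echo "$d"
}

d=$(make_sample)
lint_limits "$d/limits.conf" "$d"/limits.d/*.conf || echo "fix the entries above"
rm -rf "$d"
```

On a real host, run it as lint_limits /etc/security/limits.conf /etc/security/limits.d/*.conf before logging out of a working session.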
3. ulimit Effectiveness
Temporary Configuration
Set the maximum number of open files for the current session:
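ulimit -SHn 65536
This setting applies only to the current shell session and the processes started from it; it is lost when the session ends or after a reboot.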
Permanent Configuration
Add the same settings to /etc/security/limits.conf or a file under /etc/security/limits.d/ and re‑login for them to take effect.
Common Issues
On CentOS 6, PAM may be disabled for the SSH daemon (UsePAM no in sshd_config), in which case the limits configured for pam_limits.so are not applied to SSH sessions. Enabling it (UsePAM yes) and restarting sshd resolves the problem.
4. Common ulimit Commands
-S set soft limit
-H set hard limit
-a show all current limits
-b set socket buffer size
-c set maximum core file size
-d set maximum data segment size
-e set maximum scheduling priority
-f set maximum file size
-i set maximum number of pending signals
-l set maximum locked‑in‑memory address space
-m set maximum resident set size
-n set maximum number of open file descriptors
-p set pipe buffer size
-q set maximum bytes in POSIX message queues
-r set maximum realtime scheduling priority
-s set maximum stack size
-t set maximum CPU time
-u set maximum number of user processes
-v set maximum virtual memory size
-x set maximum number of file locks
View current limits with ulimit -a or ulimit -n. Change limits with ulimit -SHn 65536.
5. systemd Limits
systemd services have their own limits defined by /etc/systemd/system.conf, /etc/systemd/user.conf, and individual service unit files.
Viewing Service Limits
systemctl show sshd | grep '^Limit'
Or inspect a running process via cat /proc/<pid>/limits.
Adjusting Service Limits
Modify global limits in /etc/systemd/system.conf and reload with systemctl daemon-reexec or reboot.
Override per‑service limits by adding LimitNOFILE=32768 to the service unit file (e.g., /usr/lib/systemd/system/mariadb.service), then run systemctl daemon-reload and restart the service.
Use prlimit --pid <pid> --nofile=1024:4096 to change limits of a running process.
6. Extensions
Check a process’s limits with cat /proc/<pid>/limits.
Modify limits at runtime using prlimit (see man 7 prlimit).
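To confirm that a restarted service actually picked up the limit from its unit file, parse /proc/<pid>/limits instead of reading it by eye. This is an added example, not part of the original article; proc_limit, verify_limit and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: check the effective limit
# of a running process against the value set in its unit file.

# proc_limit FILE NAME -> prints "soft hard" for one row of /proc/<pid>/limits.
# Rows are fixed-width (name padded to 25 columns) and names contain spaces,
# so match on the name column instead of splitting the whole line on blanks.
proc_limit() {
    awk -v want="$2" '
    {
        name = substr($0, 1, 25); sub(/ +$/, "", name)
        if (name != want) next
        split(substr($0, 27), f, " ")
        print f[1], f[2]; found = 1
    }
    END { exit !found }' "$1"
}

# verify_limit FILE NAME EXPECTED_HARD
# Returns 0 on match, 1 on mismatch, 2 if the row does not exist.
verify_limit() {
    row=$(proc_limit "$1" "$2") || { echo "$2: not found in $1"; return 2; }
    hard=${row#* }
    [ "$hard" = "$3" ] && return 0
    echo "$2: hard limit is $hard, expected $3 (daemon-reload and restart done?)"
    return 1
}

# Constructed sample in the kernel's column layout (not from a real process).
make_proc_sample() {
    f=$(mktemp) || return 1
    printf '%-25s %-20s %-20s %-10s\n' \
        'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max cpu time' unlimited unlimited seconds \
        'Max open files' 1024 4096 files \
        'Max processes' 4096 63455 processes > "$f"
    echo "$f"
}

s=$(make_proc_sample)
proc_limit "$s" "Max open files"
verify_limit "$s" "Max open files" 32768 || true
rm -f "$s"
```

Against a live service, pass /proc/<pid>/limits as the first argument, with <pid> being the service's main process.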
MaGe Linux Operations
