Prevent a single account from spawning runaway processes with a quick shell limit. 16.11.2025 | reading time: 3 min On a multiuser Linux system one misbehaving account can exhaust process slots and destabilize the host; `ulimit` is the shell builtin you use to cap the number of processes a user may create, fast and locally. A simple hands-on test Set a low process limit in your shell, try to spawn many background tasks, and observe failure; for example run the commands below to set a per-shell limit and then attempt to create 200 processes: ``` $ ulimit -u 50 $ ulimit -u 50 $ bash -c 'for i in $(seq 1 200); do sleep 1000 & done' bash: fork: Resource temporarily unavailable ``` The error shows the kernel refused more processes once the soft/hard limit was reached. Soft and hard limits, and persistence `ulimit` supports soft and hard values (use `ulimit -Su` and `ulimit -Hu` for processes) and affects the current shell and its children only; to make limits persistent across logins configure `/etc/security/limits.conf` or drop-in files under `/etc/security/limits.d/` and ensure `pam_limits` is active so the limits apply at session start. Inspecting and changing limits system-wide For a specific PID use `cat /proc/<pid>/limits` or the `prlimit` tool to view and change limits of a running process; on systemd-based systems consider `TasksMax=` in service units or slice files to limit tasks per service in a more centralized way. Practical tips and caveats Remember that login managers and PAM can impose defaults that override shell defaults, that hard limits cannot be raised by an unprivileged user, and that limits such as `-n` (open files) and `-c` (core size) are managed the same way; test changes on a nonproduction shell before rolling them out. Quick wrap-up and next steps Use `ulimit` as a fast defense against fork bombs and accidental exhaustion, then codify safe defaults with PAM or systemd for production systems; keep exploring kernel limits, cgroups and monitoring to build robust host safeguards and consider formal certification to deepen your skills. Join Bits & Bytes Academy First class LINUX exam preparation. processes security utilities scripting
