Enforce per-user resource caps at login to prevent resource exhaustion and keep systems stable.

16.11.2025

limits.conf is the place to set per-user resource caps via the PAM limits module; learn how to restrict open files and process counts so one user cannot exhaust system resources.

Tame open files and processes

Hands-on example: append practical rules and verify a new login sees the limits; edit the file and then open a fresh session to observe the change:

```
# append to /etc/security/limits.conf
# domain type item value
deploy soft nofile 4096
deploy hard nofile 65536
deploy soft nproc 4096
deploy hard nproc 16384
```

After saving, start a fresh login and check the limits with a login shell:

```
su - deploy -c 'ulimit -n; ulimit -u'
# example output after login
4096
4096
```

Deeper knobs and pitfalls

Remember that limits.conf is read by the pam_limits module at session start and changes only affect new logins; system services launched by systemd ignore pam_limits and require LimitNOFILE or LimitNPROC in the service unit, and files under /etc/security/limits.d offer split configuration to avoid clobbering vendor settings.

Quick commands to check

Use `ulimit` in an interactive shell to inspect shell limits, `prlimit --pid` or `cat /proc/<pid>/limits` to query a running process, and check PAM configuration in /etc/pam.d to ensure pam_limits is active for the desired login paths.

Final note

Setting sensible nofile and nproc values reduces incidents of resource starvation and keeps servers predictable; if you want to go deeper, study PAM, systemd unit options and pursue certifications like CompTIA Linux+ or LPIC-1 with intensive exam preparation at bitsandbytes.academy.
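
The `cat /proc/<pid>/limits` check from the quick commands above can be scripted to catch a process that never picked up the `deploy` caps, such as a systemd service started without LimitNOFILE or LimitNPROC. This is an added example, not part of the original article. The function names are hypothetical and the sample limits table is constructed.

```sh
# Added example: audit a /proc/<pid>/limits table against the deploy caps.
# Function names are hypothetical; the sample table is constructed.
# proc_limit FILE NAME soft|hard -> print that column of limit NAME
proc_limit() {
    awk -v name="$2" -v col="$3" '
        index($0, name " ") == 1 {
            split(substr($0, length(name) + 1), f, " ")
            print (col == "hard" ? f[2] : f[1]); found = 1; exit
        }
        END { if (!found) exit 1 }' "$1"
}

# within_cap FILE NAME soft|hard MAX -> 0 only if the value is a number <= MAX
within_cap() {
    val=$(proc_limit "$1" "$2" "$3") || return 2
    case $val in ''|*[!0-9]*) return 1 ;; esac   # "unlimited" fails the cap
    [ "$val" -le "$4" ]
}

# audit_limits FILE -> report each rule; exit status = number of violations
audit_limits() {
    fails=0
    while read -r type item max; do
        case $item in
            nofile) name="Max open files" ;;
            nproc)  name="Max processes" ;;
        esac
        if within_cap "$1" "$name" "$type" "$max"; then
            echo "ok   $type $item <= $max"
        else
            echo "FAIL $type $item exceeds $max"
            fails=$((fails + 1))
        fi
    done <<EOF
soft nofile 4096
hard nofile 65536
soft nproc 4096
hard nproc 16384
EOF
    return "$fails"
}

# Constructed sample: a process whose limits did not come from pam_limits.
sample_service() {
    printf '%-25s %-20s %-20s %-10s\n' "Limit" "Soft Limit" "Hard Limit" "Units" \
        "Max processes" "unlimited" "unlimited" "processes" \
        "Max open files" "1024" "524288" "files"
}
tmp=$(mktemp); sample_service > "$tmp"
audit_limits "$tmp" || echo "violations: $?"; rm -f "$tmp"
```

On a live host, pass `/proc/<pid>/limits` for the process in question instead of the sample file.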