05-20-2014
As suggested by others why would you want to set limits for root? If you limit root you risk locking yourself out of the OS. Any applications running should run as a user created for the task, you can then apply limits to that user to protect the servers performance without risking blocking the root user.
Just today we had an application spin out of control and hit the limit of processes for the user account which had started the application. This meant that application support could not login to the server, but as root I was able to login and kill the rogue process.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
As a regular (non-root) user on Unix servers I'm accustomed to changing my .profile file to set paths that I frequently use, etc.
I am trying to learn unix and set up a test server running SunOS 5.8. When I login as root I don't see a .profile file that belongs to root wherein I could change the... (1 Reply)
Discussion started by: FredSmith
1 Replies
2. AIX
how to set the ulimit on AIX 5.2 version? (3 Replies)
Discussion started by: Shilpi
3 Replies
3. AIX
Hi all,
I cannt use 'su' to login to root or any other users though everything seems ok. I read some articles that says if you do recursive chmod 777 on /usr it can create this problem.
I did the same. can anybody tell me how to repair it. Any ideas will be appreciated.
thnks (7 Replies)
Discussion started by: itesh.dash
7 Replies
4. AIX
Hello,
How can I setup the ulimit for memory permanent
ulimit -m unlimited
ulimit -a Output from the ulimit command should be similar to the following:time(seconds) unlimited
file(blocks) unlimited
data(kbytes) 2097152
stack(kbytes) 32768... (4 Replies)
Discussion started by: filosophizer
4 Replies
5. AIX
How to block the root user login in system direct console. Users should login with non-root ids themselves and then use the su command to become root. Which configuration file i need to check and disable it. (5 Replies)
Discussion started by: kmvinay
5 Replies
6. AIX
Hi,
I'm newbee to AIX and would like to setup a process which kills 1 Hr. ideal users from smit. Please advise for making it work. :)
Thanks,
Sumit (2 Replies)
Discussion started by: sumit30
2 Replies
7. UNIX for Dummies Questions & Answers
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies
8. Red Hat
The root user runs the following
ulimit -a | grep open
and gets a result of
open files (-n) 8162
A user runs the same command and gets a result of
open files (-n) 2500
How can you set the ulimit of the user to... (2 Replies)
Discussion started by: jsanders
2 Replies
9. AIX
Hello,
I am testing sudo and I want to test it. Can anyone please let me know few commands (of course other than shutdown, reboot etc. as I can't reboot the box) on AIX that can be run by ROOT only.
Thanks
---------- Post updated at 07:43 PM ---------- Previous update was at 07:38 PM... (5 Replies)
Discussion started by: prvnrk
5 Replies
10. UNIX for Advanced & Expert Users
I have seen two different ways for changing the ulimit for a user in aix. Which one is better?
Option 1
edit /etc/security/limits
oracle:
fsize = -1
data = -1
stack = -1
fsize_hard = -1
nofiles = -1
nofiles_hard = -1
Option 2
... (6 Replies)
Discussion started by: cokedude
6 Replies
LEARN ABOUT DEBIAN
faillog
FAILLOG(8) System Management Commands FAILLOG(8)
NAME
faillog - display faillog records or set login failure limits
SYNOPSIS
faillog [options]
DESCRIPTION
faillog displays the contents of the failure log database (/var/log/faillog). It can also set the failure counters and limits. When faillog
is run without arguments, it only displays the faillog records of the users who had a login failure.
OPTIONS
The options which apply to the faillog command are:
-a, --all
Display (or act on) faillog records for all users having an entry in the faillog database.
The range of users can be restricted with the -u option.
In display mode, this is still restricted to existing users but forces the display of the faillog entries even if they are empty.
With the -l, -m, -r, -t options, the users' records are changed, even if the user does not exist on the system. This is useful to reset
records of users that have been deleted or to set a policy in advance for a range of users.
-h, --help
Display help message and exit.
-l, --lock-secs SEC
Lock account for SEC seconds after failed login.
Write access to /var/log/faillog is required for this option.
-m, --maximum MAX
Set the maximum number of login failures after the account is disabled to MAX.
Selecting a MAX value of 0 has the effect of not placing a limit on the number of failed logins.
The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.
Write access to /var/log/faillog is required for this option.
-r, --reset
Reset the counters of login failures.
Write access to /var/log/faillog is required for this option.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-t, --time DAYS
Display faillog records more recent than DAYS.
-u, --user LOGIN|RANGE
Display faillog record or maintains failure counters and limits (if used with -l, -m or -r options) only for the specified user(s).
The users can be specified by a login name, a numerical user ID, or a RANGE of users. This RANGE of users can be specified with a min
and max values (UID_MIN-UID_MAX), a max value (-UID_MAX), or a min value (UID_MIN-).
When none of the -l, -m, or -r options are used, faillog displays the faillog record of the specified user(s).
CAVEATS
faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since
their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.
FILES
/var/log/faillog
Failure logging file.
SEE ALSO
login(1), faillog(5).
shadow-utils 4.1.5.1 05/25/2012 FAILLOG(8)