Ulimits is a program to allow an user to enforce the resource limits set forth by the administrator of a GNU/Linux system. Its main purpose is to overcome the absence of PAM on some distributions.
On distributions that provide Linux-PAM
(that is, most distributions), resource limits are usually set in a
/etc/security/limits.conf
file, and a PAM module makes sure these limits are applied each time an user logs in. On such systems, ulimits has probably no use; ulimits should only be needed on systems without PAM, such as Slackware.
On Slackware, resource limits can be specified in the /etc/limits
file, as described in limits(5). However, it seems that the only
program that cares about that file is /bin/login
. In particular,
graphical login managers (xdm, kdm, gdm) ignore the /etc/limits
file. It means that resource limits defined in that file are only set
when the user logs in through a text console.
ulimits is a small program to be installed as setuid root. It reads
the contents of the /etc/limits
file, gets the resource limits for the
calling user, and applies them to the calling process.
The intended usage of ulimits is to be called from the user’s
.xsession
script, before exec’ing the window manager:
#!/bin/sh # Normal contents of a .xsession script # ... # Apply resource limits defined in /etc/limits ulimits # Start the window manager exec /usr/bin/awesome
Limits will be set for the process that calls ulimits, that is, the
shell running the .xsession
script; the window manager will then
inherit the limits through the exec call, and they will be propagated
to all programs launched from the window manager.
Alternatively, ulimits may be called with non-option arguments; in that case, it will set the resource limits for its own process, then try to execute the program specified as the first argument. It means the last two lines of the above script could be replaced by a single one:
# Apply resource limits and start the window manager ulimits /usr/bin/awesome
This “exec mode” is the only available mode on systems which do not provide the prlimit(2) system call (non-Linux systems or Linux prior to 2.6.36).
The default behavior of ulimits when interpreting the /etc/limits
file mimics the behavor of /bin/login
, in the sense that only one line
is ever considered, even if several lines could apply to the calling
user.
The configure-time option --enable-merged-limits
, introduced in
version 0.3.2, allows to change that behavior. If enabled, all the lines
that could apply to the calling user will be treated as if they were a
single line.
(Since this is not the standard interpretation of /etc/limits
,
administrators should review carefully the contents of that file on
their system before enabling this feature, to make sure they are not
inadvertently giving an user more privileges than they originally
intended.)
ulimits must run as setuid root for two reasons. First, the
limits(5) page says that the /etc/limits
file should be readable
only by root. Second, only a privileged process can set the resource
limits to arbitrary values; an unprivileged process can only set them to
lower values than the default limits.
When called in “exec mode”, root privileges are dropped once the limits are set and before exec’ing the specified program.
Ulimits is distributed under the terms of the GNU General Public License, version 3 or higher. The full license is included in the COPYING file of the source distribution.
The project homepage, where release tarballs may be found, is located at https://incenp.org/dvlpt/ulimits.html. The latest source code is available at https://git.incenp.org/damien/ulimits.git.
ulimits-0.3.2.tar.gz (application/gzip, 104K, signature)
ulimits-0.3.3.tar.gz (application/gzip, 117K, signature)
Source Mage users, please note that a “spell” for
ulimits is already available in your “grimoire” (as
utils/ulimits
), thanks to Vlad Glagolev.