Book Image

Ubuntu Server Cookbook

By : Uday Sawant
Book Image

Ubuntu Server Cookbook

By: Uday Sawant

Overview of this book

Ubuntu is one of the most secure operating systems and defines the highest level of security as compared other operating system. Ubuntu server is a popular Linux distribution and the first choice when deploying a Linux server. It can be used with a $35 Raspberry Pi to top-notch, thousand-dollar-per-month cloud hardware. Built with lists that there are 4 million + websites built using Ubuntu. With its easy-to-use package management tools and availability of well-known packages, we can quickly set up our own services such as web servers and database servers using Ubuntu. This book will help you develop the skills required to set up high performance and secure services with open source tools. Starting from user management and an in-depth look at networking, we then move on to cover the installation and management of web servers and database servers, as well as load balancing various services. You will quickly learn to set up your own cloud and minimize costs and efforts with application containers. Next, you will get to grips with setting up a secure real-time communication system. Finally, we’ll explore source code hosting and various collaboration tools. By the end of this book, you will be able to make the most of Ubuntu’s advanced functionalities.
Table of Contents (16 chapters)
15
Index

Setting resource limits with limits.conf

Ubuntu is a multiuser and multi-process operating system. If a single user or process is consuming too many resources, other processes might not be able to use the system. In this recipe, you will see how to set resource limits to avoid such problems.

Getting ready

User account with root privileges is required.

How to do it...

Following are the steps to set the resource limits:

  1. Check the CPU use limit with $ulimit –t.
  2. To set new limit, open limits.conf with the following command:
    $sudo nano /etc/security/limits.conf
    
  3. Scroll to the end of the file and add following lines:
    username  soft  cpu  0  # max cpu time in minutes
    username  hard  cpu  1000 # max cpu time in minutes
    
  4. Enter Ctrl + O to save the changes.
  5. Enter Ctrl + X to exit GNU nano editor.

How it works…

PAM stands for pluggable authentication module. The PAM module pam_limits.so provides functionality to set a cap on resource utilization. The command ulimit can be used to view current limits as well as set new limits for a session. The default values used by pam_limits.so can be set in /etc/security/limits.conf.

In this recipe, we are updating limits.conf to set a limit on CPU uses by user username. Limits set by the ulimit command are limited to that session. To set the limits permanently, we need to set them in the limits.conf file.

The syntax of the limits.conf file is as follows:

<domain> <type> <item> <value>

Here, <domain> can be a username, a group name, or a wildcard entry.

<type> denotes the type of the limit and it can have the following values:

  • soft: This is a soft limit which can be changed by user
  • hard: This is a cap on soft limit set by super user and enforced by kernel

<item> is the resource to set the limit for. You can get a list of all items with $ulimit –a:

How it works…

In our example, we have set soft limit on CPU uses to 0 minutes and hard limit to 1000 minutes. You can changes soft limit values with the ulimit command. To view existing limits on open files, use the command $ulimit -n. To change limits on open files, pass the new limit as follows:

$ulimit -n 4096

An unprivileged process can only set its soft limit value between 0 and hard limit, and it can irreversibly lower hard limit. A privileged process can change either limit values.

There's more…

The command ulimit can be used to set limits on per process basis. You can't use the ulimit command to limit resources at the user level. You can use cgroups to set a cap on resource use.