KBTAG: kben10000068
URL: http://www.securityportal.com/lskb/10000050/kben10000068.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Limiting users with Bash
Keywords: Users
Bash has a built-in limiter, accessed via ulimit. Hard limits, once set, cannot be set higher, so if you have limits defined in /etc/profile or in the user's .bash_profile (assuming they cannot edit or delete those files), you can enforce limits on users with Bash shells. This is useful for older Linux distributions that lack PAM support. You must also ensure that the user cannot change their login shell. Setting the limits is similar to PAM's method; you define various limits, such as:
ulimit -Sc 0
ulimit -Su 100
ulimit -Hu 150
These three rules would achieve the same result as the ones in the PAM example. The first rule disables core dumps, the second rule sets a soft limit of 100 processes, and the third rule sets a hard limit of 150 processes. More help on ulimit is available by typing help ulimit at the bash prompt.
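An added example, not part of the original article: a shell function that reads a profile-style file and reports, for each ulimit resource flag, whether the file sets the soft limit, the hard limit, or both. The name audit_ulimits and the output format are assumptions made for this example, and it only parses plain "ulimit ..." lines that set a value, not ulimit calls nested inside conditionals.

```bash
# Added example: report which limits a profile-style file sets as soft, hard, or both.
# audit_ulimits is a hypothetical helper name, not a standard tool.
audit_ulimits() (
    soft="" hard=""
    while read -r cmd rest || [ -n "$cmd" ]; do
        [ "$cmd" = "ulimit" ] || continue
        opts="" val=""
        for w in $rest; do
            case $w in
                \#*) break ;;                 # trailing comment
                -?*) opts="$opts${w#-}" ;;    # collect option letters
                *)   val=$w ;;                # the limit value being set
            esac
        done
        [ -n "$val" ] || continue             # no value: the line only displays limits
        case $opts in *S*) s=1 ;; *) s=0 ;; esac
        case $opts in *H*) h=1 ;; *) h=0 ;; esac
        # With neither -S nor -H, bash sets both the soft and the hard limit.
        if [ "$s$h" = "00" ]; then s=1; h=1; fi
        res=$(printf %s "$opts" | tr -d 'SH')
        # A bare "ulimit N" applies to file size (-f).
        if [ -z "$res" ]; then res=f; fi
        if [ "$s" = 1 ]; then soft="$soft$res"; fi
        if [ "$h" = 1 ]; then hard="$hard$res"; fi
    done < "$1"
    for r in $(printf %s "$soft$hard" | fold -w1 | LC_ALL=C sort -u); do
        case $soft in *"$r"*) s=1 ;; *) s=0 ;; esac
        case $hard in *"$r"*) h=1 ;; *) h=0 ;; esac
        case $s$h in
            11) echo "$r both" ;;
            10) echo "$r soft-only" ;;   # user can raise it again, up to the hard limit
            01) echo "$r hard-only" ;;
        esac
    done
)
```

Run against a file containing the three rules above, it reports "c soft-only" and "u both": the core dump rule sets only a soft limit, which the user can raise again up to whatever hard limit the shell inherited.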
Only effective if user cannot change login shell
use ulimit, typically in /etc/profile to apply to all users
soft and hard limits
core files, files, cpu usage, memory usage, etc.
use ulimit in ~/.bash_profile and set the file immutable (chattr +i) as root