Title: Limiting users with Bash

KBTAG: kben10000068
URL: http://www.securityportal.com/lskb/10000050/kben10000068.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Limiting users with Bash
Keywords: Users

Summary:

 

 

More information:

 

Bash has a built-in limiter, accessed via “ulimit”. A hard limit, once set, cannot be raised by the user, so if you define limits in /etc/profile, or in the user’s .bash_profile (assuming they cannot edit or delete those files), you can enforce limits on users with Bash shells. This is useful for older Linux distributions that lack PAM support. You must also ensure that the user cannot change their login shell. Setting the limits is similar to PAM’s method; you define various limits such as:

ulimit -Sc 0
ulimit -Su 100
ulimit -Hu 150

These three rules would achieve the same result as the ones in the PAM example. The first rule disables core dumps, the second rule sets a soft limit of 100 processes, and the third rule sets a hard limit of 150 processes. More help on ulimit is available by typing “help ulimit” at the bash prompt.
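
The soft/hard distinction described above, as an added example that is not part of the original article: it applies the three rules in a throwaway bash and reports what a user can and cannot change afterwards. The helper name limits_after and the trial values 151, 200 and "ulimit -c 0" are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example, not part of the original article. Needs bash on PATH.
# The article's three rules, as they might appear in /etc/profile:
RULES='ulimit -Sc 0; ulimit -Su 100; ulimit -Hu 150'

# limits_after <resource letter> '<command tried after the rules>'
# Applies RULES in a throwaway bash, runs the extra command there, then
# prints the resulting "soft/hard" limit for that resource. Once the limits
# are set only builtins run, so the low process limit cannot break the demo.
limits_after() {
    bash -c "$RULES; $2 2>/dev/null; ulimit -S$1; ulimit -H$1" | paste -sd/ -
}

# Process limit: the soft value may move up to the hard value, never past it.
echo "nproc as configured:         $(limits_after u ':')"
echo "user raises soft to 150:     $(limits_after u 'ulimit -Su 150')"
echo "user tries soft 151:         $(limits_after u 'ulimit -Su 151')"
# Raising the hard value is refused for an unprivileged user; a process
# holding CAP_SYS_RESOURCE (normally root) is allowed to do it.
echo "user tries hard 200:         $(limits_after u 'ulimit -Hu 200')"

# Core limit: -Sc 0 sets only the soft value. Plain "ulimit -c 0" (neither
# -S nor -H) sets both, and the soft value can then no longer be raised.
echo "core as configured:          $(limits_after c ':')"
echo "core after 'ulimit -c 0':    $(limits_after c 'ulimit -c 0; ulimit -Sc unlimited')"
```

Each line prints soft/hard for the resource; an unchanged pair after an attempted raise means bash refused the change.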

Only effective if user cannot change login shell
use ulimit, typically in /etc/profile to apply to all users
soft and hard limits
core files, files, cpu usage, memory usage, etc.
use ulimit in ~/.bash_profile and set the file immutable (chattr +i) as root