Check and set user limits with ulimit Linux command

The ulimit command in Linux is used to limit the amount of system resources that individual users can consume.

Whether it is user intention, or just accidently happens, a single user can eat up all available system resources such as RAM memory or disk space. Depending on the nature of your Linux system, you may want to limit your users to only what they might actually need.

This is an essential tweak commonly done to virtual private servers or other shared hosting situations, where a single server may be rented out to dozens of users. In this tutorial, you’ll learn how to use the ulimit command in Linux through examples. Follow along below to see learn about the various options that you can use with this command.

In this tutorial you will learn:

  • How to use the ulimit command on Linux
ulimit command in Linux with examples
ulimit command in Linux with examples
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux distro
Software ulimit
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Frequently Used Options

Fork bombs, commands like yes, and buggy programs can easily utilize tons of system resources in a very short amount of time. This will impact the experience of all others users on the system, just because of one person abusing the system resources (either intentionally or not).

The ulimit command is the solution to this problem. Check out some of the ulimit examples below to see how to limit the consumption of system resources for your users.

ulimit command in Linux Basic Examples

All limits shown below are applied to the current bash shell session only. To make a permanent change to system wide use, you must make changes to the /etc/security/limits.conf. We will show how to do that in a later section.
  1. Use the ulimit command with the -a option to see a list of all your user’s limits on the system, or just ulimit by itself to see a quick summary.
    $ ulimit -a

    Viewing system resource limits for the current user with the ulimit command
    Viewing system resource limits for the current user with the ulimit command
  2. To limit the max number of processes that a user can spawn, use the -u option. This command will limit them to 10 processes. This will take care of things like fork bombs.
    $ ulimit -u 10

    If we try to exceed this limit, we’ll encounter an error:

    bash: fork: retry: Resource temporarily unavailable
  3. The -f option allows us to limit the size of a file that a user can make. This command will limit a user to files of 100 KB or less.
    $ ulimit -f 100

    And here’s what happens if we now try to exceed the limit.

    $ cat /dev/zero > file
    File size limit exceeded (core dumped)
    $ ls -lh file
    -rw-rw-r--. 1 linuxconfig linuxconfig 100K Feb 21 18:27 file 
  4. With ulimit it is also possible to limit the maximum amount of virtual memory available to a process. Use the -v option to accomplish this.
    $ ulimit -v 1000

  5. To limit the number of files a user can have opened at once (file descriptors), use the -n option.
    $ ulimit -n 10

    When this limit is exceeded, you’ll receive an error like this:

    bash: command: Too many open files

By now, you should be getting the idea that you can use any of the options to make new kinds of limits. Use ulimit --help or just ulimit -a to see the types of limits you can impose, and their corresponding command options.

You can always use the man command to read more about the ulimit command and its official documentation. Click the previous link to see how to open the manual pages for any command on a Linux system.

Advanced Usage

Up until now, we have been imposing “soft” limits with the ulimit command. These are limits that are created by the users themselves, and they can go as high as the “hard” limit allows them. To create a “hard” limit, we will edit the /etc/security/limits.conf file.

ulimit command in Linux Advanced Examples

  1. Use root permissions to open the /etc/security/limits.conf file. We will use nano in this example, but you may use a different text editor if you prefer.
    $ sudo nano /etc/security/limits.conf
  2. At the bottom of this file, we will impose some hard limits on our users, which are enforced system wide. The general syntax goes like this:
    [domain] [type] [item] [value]

    [domain] can be a user name, group name, or wild card. [type] can either be “soft” or “hard” depending on which kind of limit you’d like to enforce. [item] is what you’d like to limit, for example “cpu” or “nproc” (number of processes), etc. [value] is the number you’d like to enforce.

    All of this info is summarized in the file itself, in case you forget.

    Instructions from inside the limits.conf file
    Instructions from inside the limits.conf file
  3. As an example, let’s try putting a limit on the number of processes that users in the “corporate” group can spawn. Adding this line to the file would only allow the users in the group to spawn a maximum of 10 processes.

    @corporate        hard    nproc           20
  4. For another example, let’s limit the amount of file size user “linuxconfig” can utilize. This will limit the user to 10 MB. We must write the number as 10000 since it needs to be in kilobytes.
    linuxconfig        hard    fsize           10000

Use any of the limit types described in the /etc/security/limits.conf file to put limits on users, groups, or everyone on the entire system.

Closing Thoughts

In this tutorial, we learned all about the ulimit command on Linux. The ulimit command is essential for systems that have multiple users, in order to ensure that everyone is playing fairly and only using their share of the system resources.

When you need your limits to persist, you can edit the ulimit configuration file as seen above, to impose system limits on users, groups, or every account on the system.