Objective 3: Set Up User-level Security
Even after you've taken the precautions listed earlier, the potential for valid users of your system to cause problems by consuming resources still exists. Such a problem could be accidental, but if it happens intentionally, it is called a denial of service (DoS) attack. For example, a user could create processes that replicate themselves and never exit. Eventually your system would grind to a halt because of thousands of processes, each trying to create more clones. You could also have a user begin allocating memory until the system cannot cope with the requests. In either case, you'd probably need to restart the system, if it responds at all. Clearly, prevention is more desirable for everyone.
You can prevent these scenarios without undue restrictions on users by using ulimit . This is a bash built-in command that sets maximums on various system resources for users. To enforce limits on users, include ulimit commands in /etc/profile.
ulimit
- Syntax
ulimit [
options] [limit]- Description
The bash built-in ulimit provides control over resources available to the shell and its child processes. For each resource, two limits may be set: a hard limit and a soft limit. Hard limits can be changed only by the superuser; soft limits may be increased by users up to the value of the hard limit. Hard and soft limits are specified with the special
-Hand-Soptions, respectively. Other options specify specific limits. If an option is provided with ...
Get LPI Linux Certification in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
