Restrict number of processes that a user can run in Ubuntu

Q Is there a way to restrict the number of processes that any one user is allowed to run while using their shell? I am using Ubuntu Dapper.

A There are two slightly different ways of doing this depending on whether your system uses PAM (Pluggable Authentication Modules). Ubuntu uses PAM by default, so you set limits in /etc/security/limits.conf. To limit user Fred to ten processes, add a line like this:

fred hard nproc 10

For systems not using PAM, the limits are set in /etc/limits, and the same restriction needs:

fred U10

In either case, you can use * as a username, to limit everyone but the root user. The limits set in these files are per login (rather than an overall limit for each user), but remember that a login for a graphical desktop may require several processes. A terminal window opened from this desktop is not, by default, a separate login, so set the limit to something reasonable to avoid crippling the desktop. To get an idea of the number of processes that a user runs with a standard startup, run

sudo ps -u fred | wc -l

The PAM example includes the hard option, because PAM sets two types of limit, hard and soft. Hard limits are immutable - only the superuser can change them - but a user can increase a setting above the soft limit up to the hard limit with the ulimit command (consider the soft limit a default and the hard limit an absolute maximum). You can set them both to the same value by using '-' as the second item in the /etc/security/limits.conf line. You are not limited to restricting the number of processes; you can also limit RAM or CPU usage. See the man pages for limits.conf and ulimit for (much) more information.

Follow us on Identi.ca or Twitter