How to set or change the default soft or hard limit for the number of user's processes?

Solution Verified - Updated 6 Aug 2024

Environment

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9

Issue

The system wide configuration file /etc/security/limits.d/90-nproc.conf (RHEL5, RHEL6), /etc/security/limits.d/20-nproc.conf (RHEL7) specifies the default nproc limits as:
```
  *            soft    nproc     1024
  root       soft    nproc     unlimited
```
However, when logged in as root, the ulimit shows a different value:
```
  $ ulimit -u
  1024
```
Why it is not unlimited in this case?
How to set or change the default soft or hard limit for the number of user's processes?

Resolution

To set the nproc limit to unlimited system wide, the file /etc/security/limits.d/90-nproc.conf (RHEL5, RHEL6), /etc/security/limits.d/20-nproc.conf (RHEL7 onward) should read:

For the root user:

  root       hard    nproc     unlimited

For the 'root' user, both 'soft' and 'hard':
```
  root       -    nproc     unlimited
```
or, for default domain again both 'soft' and 'hard' for example:
```
  *          -    nproc     unlimited
```
The unlimited option applied to the soft value for a domain cannot go beyond its hard limit. For a more detailed explanation and examples, check this article: What are my true user's ulimit limits?
Re-login for changes to take effect:
```
  $ ulimit -u
```
Another option to set the limits per session based is to specify it on the command line:
```
  $ ulimit -u unlimited
```
This command applies to the both soft and hard limits. Check the linked articles for the possible pitfalls.

Note: The pam of RHEL5 and RHEL8 don't provide any files under /etc/security/limits.d. If necessary, make the file.

Root Cause

" By default, the rules are read from the /etc/security/limits.conf file. For a complete description of the format of these rules, see the limits.conf(5) manual page. Additionally, you can create individual configuration files in the /etc/security/limits.d directory specifically for certain applications or services. By default, the pam_limits module is included in a number of files in the /etc/pam.d/ directory. A default limit of user processes is defined in the file /etc/security/limits.d/90-nproc.conf (RHEL5, RHEL6), /etc/security/limits.d/20-nproc.conf (RHEL7), to prevent malicious denial of service attacks, such as fork bombs. To change the default limit of user processes to 50, change the value in this file"

Note: RHEL8 and RHEL9 does not have the file like /etc/security/limits.d/20-nproc.conf, so if you want to limit nproc on RHEL8 and RHEL9, you need to create a file like /etc/security/limits.d/20-nproc.conf in /etc/security/limits.d/.

Source: RHEL6 Security Guide, ⁠Chapter 2. Securing Your Network

SBR

Product(s)

Red Hat Enterprise Linux

Components

basesystem

Category

Learn more

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.