pam_limits – Modify Linux PAM limits

Synopsis

  • The pam_limits module modifies PAM limits. The default file is /etc/security/limits.conf. For the full documentation, see man 5 limits.conf.

Parameters

Parameter Choices/Defaults Comments
backup
boolean
    Choices:
  • no
  • yes
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
comment
-
Default:
""
Comment associated with the limit.
dest
-
Default:
"/etc/security/limits.conf"
Modify the limits.conf path.
domain
- / required
A username, @groupname, wildcard, uid/gid range.
limit_item
- / required
    Choices:
  • core
  • data
  • fsize
  • memlock
  • nofile
  • rss
  • stack
  • cpu
  • nproc
  • as
  • maxlogins
  • maxsyslogins
  • priority
  • locks
  • sigpending
  • msgqueue
  • nice
  • rtprio
  • chroot
The limit to be set
limit_type
- / required
    Choices:
  • hard
  • soft
  • -
Limit type, see man 5 limits.conf for an explanation
use_max
boolean
    Choices:
  • no
  • yes
If set to yes, the maximal value will be used or conserved. If the specified value is superior to the value in the file, file content is replaced with the new value, else content is not modified.
use_min
boolean
    Choices:
  • no
  • yes
If set to yes, the minimal value will be used or conserved. If the specified value is inferior to the value in the file, file content is replaced with the new value, else content is not modified.
value
- / required
The value of the limit.

Notes

Note

  • If dest file doesn’t exist, it is created.

Examples

- name: Add or modify nofile soft limit for the user joe
  pam_limits:
    domain: joe
    limit_type: soft
    limit_item: nofile
    value: 64000

- name: Add or modify fsize hard limit for the user smith. Keep or set the maximal value.
  pam_limits:
    domain: smith
    limit_type: hard
    limit_item: fsize
    value: 1000000
    use_max: yes

- name: Add or modify memlock, both soft and hard, limit for the user james with a comment.
  pam_limits:
    domain: james
    limit_type: '-'
    limit_item: memlock
    value: unlimited
    comment: unlimited memory lock for james

- name: Add or modify hard nofile limits for wildcard domain
  pam_limits:
    domain: '*'
    limit_type: hard
    limit_item: nofile
    value: 39693561

Status

Authors

  • Sebastien Rohaut (@usawa)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/pam_limits_module.html