Documentation

pam_limits - Modify Linux PAM limits

New in version 2.0.

Synopsis

  • The pam_limits module modify PAM limits, default in /etc/security/limits.conf. For the full documentation, see man limits.conf(5).

Options

parameter required default choices comments
backup
no no
  • yes
  • no
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
comment
no
Comment associated with the limit.
dest
no /etc/security/limits.conf
Modify the limits.conf path.
domain
yes
A username, @groupname, wildcard, uid/gid range.
limit_item
yes
  • core
  • data
  • fsize
  • memlock
  • nofile
  • rss
  • stack
  • cpu
  • nproc
  • as
  • maxlogins
  • maxsyslogins
  • priority
  • locks
  • sigpending
  • msgqueue
  • nice
  • rtprio
  • chroot
The limit to be set
limit_type
yes
  • hard
  • soft
  • -
Limit type, see man limits for an explanation
use_max
no no
  • yes
  • no
If set to yes, the maximal value will be used or conserved. If the specified value is superior to the value in the file, file content is replaced with the new value, else content is not modified.
use_min
no no
  • yes
  • no
If set to yes, the minimal value will be used or conserved. If the specified value is inferior to the value in the file, file content is replaced with the new value, else content is not modified.
value
yes
The value of the limit.

Examples

# Add or modify nofile soft limit for the user joe
- pam_limits:
    domain: joe
    limit_type: soft
    limit_item: nofile
    value: 64000

# Add or modify fsize hard limit for the user smith. Keep or set the maximal value.
- pam_limits:
    domain: smith
    limit_type: hard
    limit_item: fsize
    value: 1000000
    use_max: yes

# Add or modify memlock, both soft and hard, limit for the user james with a comment.
- pam_limits:
    domain: james
    limit_type: '-'
    limit_item: memlock
    value: unlimited
    comment: unlimited memory lock for james

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.