You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.general.pam_limits module – Modify Linux PAM limits

Note

This module is part of the community.general collection (version 5.8.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.pam_limits.

Synopsis

• The pam_limits module modifies PAM limits.

• The default file is /etc/security/limits.conf.

• For the full documentation, see man 5 limits.conf.

Parameters

Parameter	Comments
backup boolean	Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. Choices: false ← (default) true
comment string	Comment associated with the limit. Default: ""
dest string	Modify the limits.conf path. Default: "/etc/security/limits.conf"
domain string / required	A username, @groupname, wildcard, UID/GID range.
limit_item string / required	The limit to be set. Choices: "core" "data" "fsize" "memlock" "nofile" "rss" "stack" "cpu" "nproc" "as" "maxlogins" "maxsyslogins" "priority" "locks" "sigpending" "msgqueue" "nice" "rtprio" "chroot"
limit_type string / required	Limit type, see man 5 limits.conf for an explanation. Choices: "hard" "soft" "-"
use_max boolean	If set to true, the maximal value will be used or conserved. If the specified value is superior to the value in the file, file content is replaced with the new value, else content is not modified. Choices: false ← (default) true
use_min boolean	If set to true, the minimal value will be used or conserved. If the specified value is inferior to the value in the file, file content is replaced with the new value, else content is not modified. Choices: false ← (default) true
value string / required	The value of the limit. Value must either be unlimited, infinity or -1, all of which indicate no limit, or a limit of 0 or larger. Value must be a number in the range -20 to 19 inclusive, if limit_item is set to nice or priority. Refer to the man 5 limits.conf manual pages for more details.

Notes

Note

• If dest file does not exist, it is created.

Examples

- name: Add or modify nofile soft limit for the user joe
  community.general.pam_limits:
    domain: joe
    limit_type: soft
    limit_item: nofile
    value: 64000

- name: Add or modify fsize hard limit for the user smith. Keep or set the maximal value
  community.general.pam_limits:
    domain: smith
    limit_type: hard
    limit_item: fsize
    value: 1000000
    use_max: true

- name: Add or modify memlock, both soft and hard, limit for the user james with a comment
  community.general.pam_limits:
    domain: james
    limit_type: '-'
    limit_item: memlock
    value: unlimited
    comment: unlimited memory lock for james

- name: Add or modify hard nofile limits for wildcard domain
  community.general.pam_limits:
    domain: '*'
    limit_type: hard
    limit_item: nofile
    value: 39693561

Authors

• Sebastien Rohaut (@usawa)

Collection links

Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication