172 lines
3.3 KiB
HTML
172 lines
3.3 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Quotas and Limits</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Secure Programming for Linux and Unix HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Summary of Linux and Unix Security Features"
|
|
HREF="features.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Signals"
|
|
HREF="signals.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Dynamically Linked Libraries"
|
|
HREF="dlls.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Secure Programming for Linux and Unix HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="signals.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 3. Summary of Linux and Unix Security Features</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="dlls.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="QUOTAS"
|
|
></A
|
|
>3.6. Quotas and Limits</H1
|
|
><P
|
|
>Many Unix-like systems have
|
|
mechanisms to support filesystem quotas and process resource limits.
|
|
This certainly includes Linux.
|
|
These mechanisms are particularly useful for preventing denial of service
|
|
attacks; by limiting the resources available to each user, you can make
|
|
it hard for a single user to use up all the system resources.
|
|
Be careful with terminology here, because both filesystem quotas
|
|
and process resource limits have ``hard'' and
|
|
``soft'' limits but the terms mean slightly different things.</P
|
|
><P
|
|
>You can define storage (filesystem) quota limits on each mountpoint
|
|
for the number of blocks of storage and/or the number of unique files
|
|
(inodes) that can be used, and you can set such limits for a given user
|
|
or a given group.
|
|
A ``hard'' quota limit is a never-to-exceed limit, while a
|
|
``soft'' quota can be temporarily exceeded.
|
|
See quota(1), quotactl(2), and quotaon(8).</P
|
|
><P
|
|
>The rlimit mechanism supports a large number of process quotas, such as
|
|
file size, number of child processes, number of open files, and so on.
|
|
There is a ``soft'' limit (also called the current limit) and a
|
|
``hard limit'' (also called the upper limit).
|
|
The soft limit cannot be exceeded at any time, but through calls it can
|
|
be raised up to the value of the hard limit.
|
|
See getrlimit(2), setrlimit(2), and getrusage(2), sysconf(3), and
|
|
ulimit(1).
|
|
Note that there are several ways to set these limits, including the
|
|
PAM module pam_limits.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="signals.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="dlls.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Signals</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="features.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Dynamically Linked Libraries</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |