In Unix-like systems, the ulimit
command lets you check resource limits. When
these limits are updated, they only apply to sessions started after the change.
$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) 524288
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 335262
max memory size (kbytes, -m) 1004356
open files (-n) 128
pipe size (512 bytes, -p) 1
stack size (kbytes, -s) 4096
cpu time (seconds, -t) unlimited
max user processes (-u) 64
virtual memory (kbytes, -v) 528384
The one that you probably want to pay the most attention to is “max user processes”. Reducing it low enough will prevent a fork bomb from succeeding in making your system unresponsive. However, setting it too low will keep users from doing normal tasks, especially if that involves compiling programs. Depending on the system’s purpose and on whether a restrictive process limit is imposed on all users or just a few, anywhere from 50 to 300 or so could be a good choice.
Linux and Unix OSs tend to err on the side of permissiveness where process limits are concerned.
$ ulimit -u
34290
Oops. Better fix that.
Resource limits can be changed for a single session by giving a value after the command line flag for that limit. Once you lower a resource limit for a session, you might not be able to raise it again unless you’re root.
$ ulimit -u 300
$ ulimit -u
300
$ ulimit -u 34290
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
If you want to change a resource limit for all new sessions, the method varies by OS.
Linux
More info: man 5 limits.conf
FreeBSD, NetBSD, OpenBSD
More info: man 5 login.conf
, man 1 cap_mkdb