In Unix-like systems, the ulimit command lets you check resource limits. When these limits are updated, they only apply to sessions started after the change.
$ ulimit -a
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) 524288
file size               (blocks, -f) unlimited
max locked memory       (kbytes, -l) 335262
max memory size         (kbytes, -m) 1004356
open files                      (-n) 128
pipe size            (512 bytes, -p) 1
stack size              (kbytes, -s) 4096
cpu time               (seconds, -t) unlimited
max user processes              (-u) 64
virtual memory          (kbytes, -v) 528384
The one that you probably want to pay the most attention to is “max user processes”. Setting it low enough will prevent a fork bomb from making your system unresponsive. However, setting it too low will keep users from doing normal tasks, especially if those tasks involve compiling programs. Depending on the system’s purpose and on whether a restrictive process limit is imposed on all users or just a few, anywhere from 50 to 300 or so could be a good choice.
Linux and Unix OSs tend to err on the side of permissiveness where process limits are concerned.
$ ulimit -u
34290
Oops. Better fix that.
Resource limits can be changed for a single session by giving a value after the command line flag for that limit. Once you lower a resource limit for a session, you might not be able to raise it again unless you’re root.
$ ulimit -u 300
$ ulimit -u
300
$ ulimit -u 34290
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
If you want to change a resource limit for all new sessions, the method varies by OS.
man 5 limits.conf
FreeBSD, NetBSD, OpenBSD
man 5 login.conf
man 1 cap_mkdb
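For the limits.conf case, the following added example (not part of the original article) audits limits.conf-style text for hard process limits that are missing or above the 50 to 300 range discussed earlier. It assumes the pam_limits line format "<domain> <type> <item> <value>"; the function names, the NPROC_MAX variable and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hard "nproc" entries in limits.conf-style text that
# exceed the upper end of the 50-300 range suggested above.
# Assumption: pam_limits format, one "<domain> <type> <item> <value>" per line.

NPROC_MAX=300   # adjust to the purpose of the system

# Constructed sample entries, not taken from a real system.
sample_limits() {
    cat <<'EOF'
# constructed sample in limits.conf format
*          soft  nproc   100
@devs      hard  nproc   300      # build hosts
@students  hard  nproc   unlimited
alice      -     nproc   34290
bob        hard  nofile  1024
EOF
}

# audit_nproc [FILE...]  (reads stdin when no file is given)
audit_nproc() {
    awk -v max="$NPROC_MAX" '
        { sub(/#.*/, "") }                    # drop comments
        NF < 4 || $3 != "nproc" { next }      # only complete nproc entries
        $2 != "hard" && $2 != "-" { next }    # a soft limit can be raised again
        {
            seen = 1
            if ($4 == "unlimited" || $4 == "infinity" || $4 == "-1" || $4 + 0 > max)
                printf "WEAK %s nproc=%s\n", $1, $4
            else
                printf "OK %s nproc=%s\n", $1, $4
        }
        END { if (!seen) print "MISSING no hard nproc limit set" }
    ' "$@"
}

sample_limits | audit_nproc
```

Soft-only entries are skipped on purpose: a user can raise a soft limit back up to the hard limit, so only "hard" and "-" entries actually cap the process count.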