Sharing the Linux prlimit Command

Feeling unwell, I initially thought of skipping this update. However, I happened to meet a security guard who was fiddling with his vegetable pot. After chatting for a while and seeing him remove some plants he deemed worthless, I took one to plant on the third-floor flower bed. Even if it only lasts three seasons, I hope not to abandon or give up.

1. What is prlimit

http://man.he.net/man1/prlimit

prlimit – Get and set process resource limits

Given a process ID and one or more resources, prlimit attempts to retrieve and/or modify the limit values of these resources. When a command is provided, prlimit runs that command with the given parameters.

A limit value consists of a soft limit and a hard limit separated by a colon (:), and is used to modify the existing limits. If no limit values are provided, prlimit will display the current values.

If either the soft limit or hard limit is not provided, the existing corresponding value is retained. To specify no limit (i.e., RLIM_INFINITY), you can pass -1 or the string ‘unlimited’. Due to the nature of limit values, the soft limit must be less than or equal to the hard limit (also known as the upper limit).

To view all available resource limit options, refer to the “Resource Options” section.

  • "soft:hard": Specify both soft and hard limits simultaneously.

  • "soft:" (trailing colon): Specify only the soft limit (hard limit remains unchanged).

  • ":hard" (leading colon): Specify only the hard limit (soft limit remains unchanged).

  • "value": Set both soft and hard limits to the same value.
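
How the four forms resolve against a process's current limits, as an added example that is not from the original article or from util-linux; plan_limit, le and the verdict names are hypothetical. It also labels each change by what the setrlimit(2) rules imply for an unprivileged process: raising a hard limit needs CAP_SYS_RESOURCE, and a lowered hard limit cannot be raised again.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of util-linux): resolve a limit
# spec against the current values and classify the change before applying it.
# Current values are given as prlimit prints them (a number or "unlimited").

# le A B: true when limit A <= limit B; "unlimited" is the largest value.
le() {
    if [ "$2" = unlimited ]; then return 0; fi
    if [ "$1" = unlimited ]; then return 1; fi
    [ "$1" -le "$2" ]
}

# plan_limit SPEC CUR_SOFT CUR_HARD  ->  prints "SOFT HARD VERDICT"
plan_limit() (
    spec=$1 soft=$2 hard=$3
    case $spec in
        *:*)                                  # soft:hard, soft: or :hard
            s=${spec%%:*}; h=${spec#*:}
            soft=${s:-$soft}; hard=${h:-$hard} ;;   # empty side keeps current value
        *)  soft=$spec; hard=$spec ;;         # single value sets both
    esac
    if [ "$soft" = -1 ]; then soft=unlimited; fi    # -1 means RLIM_INFINITY
    if [ "$hard" = -1 ]; then hard=unlimited; fi

    if ! le "$soft" "$hard"; then
        verdict=invalid             # soft must not exceed hard
    elif ! le "$hard" "$3"; then
        verdict=needs-privilege     # raising the hard limit needs CAP_SYS_RESOURCE
    elif [ "$hard" != "$3" ]; then
        verdict=irreversible        # an unprivileged process cannot raise it back
    else
        verdict=soft-only           # can be changed again, up to the hard limit
    fi
    echo "$soft $hard $verdict"
)

plan_limit 10:20 unlimited unlimited    # 10 20 irreversible
plan_limit 512: 1024 524288             # 512 524288 soft-only
plan_limit :1048576 1024 524288         # 1024 1048576 needs-privilege
```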

2. Parameters

[root@master1 ~]# prlimit -h

Usage:
 prlimit [options] [-p PID]
 prlimit [options] command

General options:
 -p, --pid <pid>        Process ID
 -o, --output <list>    Define output columns to use
     --noheadings       Do not print headings
     --raw              Use raw output format
     --verbose          Verbose output
 -h, --help             Display this help and exit
 -V, --version          Output version information and exit

Resource options:
 -c, --core             Maximum size of core files
 -d, --data             Maximum size of process data segment
 -e, --nice             Maximum nice priority allowed to raise
 -f, --fsize            Maximum size of files written by the process
 -i, --sigpending       Maximum number of pending signals
 -l, --memlock          Maximum number of locked memory pages
 -m, --rss              Maximum number of resident set size
 -n, --nofile           Maximum number of open files
 -q, --msgqueue         Maximum bytes in POSIX message queues
 -r, --rtprio           Maximum real-time scheduling priority
 -s, --stack            Maximum stack size
 -t, --cpu              Maximum CPU time (seconds)
 -u, --nproc            Maximum number of user processes
 -v, --as               Virtual memory size
 -x, --locks            Maximum number of file locks
 -y, --rttime           CPU time (interval) for real-time scheduling (milliseconds)

Available columns (for --output):
 DESCRIPTION  Resource description
    RESOURCE  Resource name
        SOFT  Soft limit
        HARD  Hard limit (ceiling)
       UNITS  Units

For more information, see prlimit(1).

3. Examples

Full list of resource options

[root@localhost ~]# prlimit --pid 2847
RESOURCE   DESCRIPTION                           SOFT   HARD UNITS
AS         address space limit                 unlimited unlimited bytes
CORE       max core file size                  unlimited unlimited bytes
CPU        CPU time                            unlimited unlimited seconds
DATA       max data size                       unlimited unlimited bytes
FSIZE      max file size                       unlimited unlimited bytes
LOCKS      max number of file locks held       unlimited unlimited locks
MEMLOCK    max locked-in-memory address space   65536  65536 bytes
MSGQUEUE   max bytes in POSIX mqueues          819200 819200 bytes
NICE       max nice prio allowed to raise           0      0
NOFILE     max number of open files              1024 524288 files
NPROC      max number of processes              11341  11341 processes
RSS        max resident set size               unlimited unlimited bytes
RTPRIO     max real-time priority                   0      0
RTTIME     timeout for real-time tasks         unlimited unlimited milliseconds
SIGPENDING max number of pending signals        11341  11341 signals
STACK      max stack size                     8388608 unlimited bytes

Output meaning

  • AS (Address Space Limit): Address space limit, both soft and hard limits are “unlimited”, units are bytes. This means there is no limit to the address space that the process can use.
  • CORE (Max core file size): Maximum size of core dump files, both soft and hard limits are “unlimited”, units are bytes. This indicates that core dump files of any size are allowed.
  • CPU (CPU time): CPU time, both soft and hard limits are “unlimited”, units are seconds. This means there is no limit to the CPU time that the process can use.
  • DATA (Max data size): Maximum size of the data segment, both soft and hard limits are “unlimited”, units are bytes. This indicates that there is no limit to the growth of the data segment.
  • FSIZE (Max file size): Maximum size of files, both soft and hard limits are “unlimited”, units are bytes. This indicates that files of any size can be created.
  • LOCKS (Max number of file locks held): Maximum number of file locks that can be held, both soft and hard limits are “unlimited”, units are the number of locks.
  • MEMLOCK (Max locked-in-memory address space): Maximum size of address space locked in memory, both soft and hard limits are 65536 bytes (i.e., 64KB).
  • MSGQUEUE (Max bytes in POSIX mqueues): Maximum bytes in POSIX message queues, both soft and hard limits are 819200 bytes (i.e., 800KB).
  • NICE (Max nice prio allowed to raise): The extent to which the process can adjust its priority using nice values, here both soft and hard limits are 0, meaning no priority elevation is allowed via nice.
  • NOFILE (Max number of open files): Maximum number of files that can be opened simultaneously, soft limit is 1024, hard limit is 524288, units are the number of files.
  • NPROC (Max number of processes): Maximum number of processes a user can have, both soft and hard limits are 11341, units are the number of processes.
  • RSS (Max resident set size): Maximum resident set size, both soft and hard limits are “unlimited”, units are bytes. This indicates that there is no limit to the physical memory used by the process.
  • RTPRIO (Max real-time priority): Maximum value for real-time priority, both soft and hard limits are 0, meaning the process is not allowed to set a real-time priority.
  • RTTIME (Timeout for real-time tasks): Timeout for real-time tasks, both soft and hard limits are “unlimited”, units are milliseconds.
  • SIGPENDING (Max number of pending signals): Maximum number of signals that can be pending waiting for processing, both soft and hard limits are 11341, units are the number of signals.
  • STACK (Max stack size): Maximum stack size, soft limit is 8388608 bytes (i.e., 8MB), hard limit is “unlimited”, units are bytes.

Examples:

1. View the resource limits of a process, check the core file size limit (RLIMIT_CORE) of the current shell process (PID is $$)

[root@master1 ~]# prlimit --pid $$ --core
RESOURCE DESCRIPTION        SOFT      HARD UNITS
CORE     max core file size    0 unlimited blocks

Output explanation:

  • RESOURCE: Resource name, here it is CORE.
  • DESCRIPTION: Description of the resource, here it refers to "maximum core dump file size".
  • SOFT: Soft limit value, here it is 0, meaning that by default, core dump files are not allowed to be created.
  • HARD: Hard limit value, here it is unlimited, indicating that if the soft limit is adjusted, its ceiling is unlimited.
  • UNITS: The unit of the limit value, here it is "blocks". In Unix systems, one block is typically equal to 512 bytes.

2. Modify the resource limits of a process

Example 1: Modify CPU time limit, set the CPU time limit of the process with PID 660 to a soft limit of 10 seconds and a hard limit of 20 seconds

[root@master1 ~]# ps -ef | grep vim
root       660 31579  0 11:23 pts/0    00:00:00 vim
root       731   669  0 11:24 pts/1    00:00:00 grep --color=auto vim
[root@master1 ~]# prlimit --pid 660 --cpu
RESOURCE DESCRIPTION      SOFT      HARD UNITS
CPU      CPU time    unlimited unlimited seconds
[root@master1 ~]# prlimit --pid 660 --cpu=10:20
[root@master1 ~]# prlimit --pid 660 --cpu
RESOURCE DESCRIPTION SOFT HARD UNITS
CPU      CPU time      10   20 seconds

Example 2: Modify only the soft limit (retain the hard limit), set the soft limit of the number of open files for the process with PID 660 to 512, keeping the hard limit unchanged

[root@master1 ~]# prlimit --pid 660  --nofile=512:
[root@master1 ~]# prlimit --pid 660  --nofile
RESOURCE DESCRIPTION              SOFT   HARD UNITS
NOFILE   max number of open files  512 104800
[root@master1 ~]# prlimit --pid 1  --nofile
RESOURCE DESCRIPTION                 SOFT    HARD UNITS
NOFILE   max number of open files 1048576 1048576

Note the following points:

  • Containerized environments: Limit resource usage of processes within containers (e.g., --cpu=2:4 sets the CPU time soft limit to 2 seconds and the hard limit to 4 seconds).
  • Security hardening: Prevent process abuse of system resources using --nproc=100.
  • Debugging assistance: Set --core=unlimited to generate complete core files for crash analysis.
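
For the hardening case, a lowered soft limit is not enough on its own, because a process may raise its own soft limit up to the hard limit. The following added example (not from the original article; audit_limits, sample_limits and the policy ceilings are assumptions) checks prlimit's raw output against a ceiling policy, using a constructed sample built from rows of the table in section 3.

```bash
#!/usr/bin/env bash
# Added example, not from the article: check reported limits against a ceiling policy.
# Live input would come from (all options appear in the help output in section 2):
#   prlimit --pid "$PID" --noheadings --raw --output RESOURCE,SOFT,HARD

# Constructed sample: rows taken from the article's "prlimit --pid 2847" table.
sample_limits() {
    cat <<'EOF'
CORE unlimited unlimited
NOFILE 1024 524288
NPROC 11341 11341
STACK 8388608 unlimited
EOF
}

# audit_limits RESOURCE=MAX ...   (stdin: "RESOURCE SOFT HARD" lines)
# Prints one finding per violated ceiling; returns non-zero if there are any.
audit_limits() {
    awk -v policy="$*" '
        function exceeds(v, ceiling) {      # "unlimited" is above every ceiling
            return v == "unlimited" || v + 0 > ceiling + 0
        }
        BEGIN {
            n = split(policy, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); max[kv[1]] = kv[2] }
        }
        ($1 in max) {
            seen[$1] = 1
            if (!exceeds($3, max[$1])) next
            # The hard limit is what binds: a process may raise its own soft
            # limit up to the hard limit without any privilege.
            if (exceeds($2, max[$1])) why = "soft limit is above policy too"
            else why = "soft limit complies but can be raised to the hard limit"
            printf "%s: hard=%s soft=%s policy<=%s (%s)\n", $1, $3, $2, max[$1], why
            findings++
        }
        END {
            for (r in max) if (!(r in seen)) { print r ": missing from input"; findings++ }
            exit (findings > 0)
        }
    '
}

# Example policy (ceilings are assumptions; NPROC=100 mirrors the article's --nproc=100).
sample_limits | audit_limits CORE=0 NPROC=100 NOFILE=4096 || true
```

On the sample, NOFILE is reported even though its soft limit of 1024 is within the policy, because the hard limit of 524288 is what the process can actually reach.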

4. Supplement

Related Commands (SEE ALSO)

ulimit(1) prlimit(2)

Notes (NOTES)

The prlimit system call has been supported since Linux version 2.6.36; older kernels may cause this program to malfunction.

Authors (AUTHORS)

Davidlohr Bueso, in tribute to Dennis M. Ritchie, co-founder of the C language and Unix.

Availability (AVAILABILITY)

The prlimit command is part of the util-linux package, available at: https://www.kernel.org/pub/linux/utils/util-linux/

5. Summary

prlimit is a command that should be used cautiously; if you are not familiar with it, it is better not to use it, as it can easily lead to system instability.
