Spitfire19 Spitfire19 - 1 month ago 15
Bash Question

How do you change the limits of a Linux system account or a user that does not login to shell

I am running a Linux VM and I have a user that needs modified ulimits for the processes that user spawns. However this is a system account user (for example, apache) and the user never actually logs into the shell to spawn processes, they are spawned from an init.d or systemd script.

Answer

For services started via systemd, you could easily add limits by editing service files. read man systemd.exec

  Table 1. Limit directives and their equivalent with ulimit
   ┌────────────────┬───────────────────┐
   │Directive       │ ulimit equivalent │
   ├────────────────┼───────────────────┤
   │LimitCPU        │ ulimit -t         │
   ├────────────────┼───────────────────┤
   │LimitFSIZE      │ ulimit -f         │
   ├────────────────┼───────────────────┤
   │LimitDATA       │ ulimit -d         │
   ├────────────────┼───────────────────┤
   │LimitSTACK      │ ulimit -s         │
   ├────────────────┼───────────────────┤
   │LimitCORE       │ ulimit -c         │
   ├────────────────┼───────────────────┤
   │LimitRSS        │ ulimit -m         │
   ├────────────────┼───────────────────┤
   │LimitNOFILE     │ ulimit -n         │
   ├────────────────┼───────────────────┤
   │LimitAS         │ ulimit -v         │
   ├────────────────┼───────────────────┤
   │LimitNPROC      │ ulimit -u         │
   ├────────────────┼───────────────────┤
   │LimitMEMLOCK    │ ulimit -l         │
   ├────────────────┼───────────────────┤
   │LimitLOCKS      │ ulimit -x         │
   ├────────────────┼───────────────────┤
   │LimitSIGPENDING │ ulimit -i         │
   ├────────────────┼───────────────────┤
   │LimitMSGQUEUE   │ ulimit -q         │
   ├────────────────┼───────────────────┤
   │LimitNICE       │ ulimit -e         │
   ├────────────────┼───────────────────┤
   │LimitRTPRIO     │ ulimit -r         │
   ├────────────────┼───────────────────┤
   │LimitRTTIME     │ No equivalent     │
   └────────────────┴───────────────────┘

For init.d script's you could setup limits via ulimit