[systemd-devel] Per user limit defaults in systemd.conf

Lennart Poettering lennart at poettering.net
Tue Sep 1 14:30:43 UTC 2020


On Mo, 31.08.20 17:34, Joshua Miller (joshuamiller01 at gmail.com) wrote:

> Is there a way to set per-user defaults for values in systemd.conf?  e.g.
> I'd like to set DefaultLimitMEMLOCK for the 'app' user (User=app), such
> that all units run as User=app get the setting.

Something like that does not exist.

> I'm looking for a way to do what's done via pam_limits per limits.conf
>  (e.g. `username       hard    nofile          512`)

Nope, that's not what limits.conf does. limits.conf is only applied by
pam_limits, i.e. whenever a PAM session is opened. And that typically
means at login-time. (Some sloppy init scripts might have used "su" to
request a PAM login session even for system services back in sysv, but
that's really sloppy, people should use "setpriv" for that).

Anyway, do you want this for login users or for system services?
Initially your reference to User= suggests the latter, but your
reference to PAM suggests the former. What is it now?

You can use PAMName= in service unit files to allocate a PAM session
for them too (and thus also go through pam_limits if you configure the
stack like that). But it's a bit of a misuse to do so, given that PAM
isn't really what system services should bother with.

Lennart

--
Lennart Poettering, Berlin
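
A check that follows from the reply above, as an added example that is not part of the original message: because limits.conf only takes effect where a PAM session is opened, this lists the service units that run as a given user and marks which of them set PAMName=. The function names, the sample unit files and the `app-svc` PAM service name are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# units_for_user USER DIR...
#   For every *.service file in DIR whose [Service] section sets User=USER,
#   print "<file><TAB>pam" if PAMName= is set (a PAM session is opened, so
#   pam_limits can apply) or "<file><TAB>no-pam" otherwise.
#   Drop-in directories are not merged; only the listed files are read.
units_for_user() {
    user=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.service; do
            [ -f "$f" ] || continue
            awk -v want="$user" -v file="$f" '
                /^[ \t]*[#;]/ { next }                      # comment lines
                /^\[/ { in_service = ($0 ~ /^\[Service\]/); next }
                !in_service || index($0, "=") == 0 { next }
                {
                    key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
                    val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
                    if (key == "User")    u = val            # last assignment wins
                    if (key == "PAMName") p = val            # empty value resets it
                }
                END { if (u == want) printf "%s\t%s\n", file, (p != "" ? "pam" : "no-pam") }
            ' "$f"
        done
    done
}

# Constructed sample units, written to a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '[Service]\nUser=app\nExecStart=/bin/true\n' > "$d/worker.service"
    printf '[Service]\nUser=app\nPAMName=app-svc\nExecStart=/bin/true\n' > "$d/api.service"
    printf '[Service]\nUser=other\nExecStart=/bin/true\n' > "$d/misc.service"
    units_for_user app "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

Units reported as `no-pam` never pass through pam_limits, so a limits.conf entry for that user has no effect on them.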

