I know but see script we only do this for uid > 1000.
On 20/05/2021 17:29, Timo Rothenpieler wrote:
You shouldn't need this script and pam_exec.
You can set those limits directly in the systemd config to match every
user.
On 20.05.2021 16:28, Bas van der Vlies wrote:
same here we use the systemd user slice in out pam stack:
```
# Setup for local and ldap logins
session required pam_systemd.so
session required pam_exec.so seteuid type=open_session
/etc/security/limits.sh
```
limit.sh:
```
#!/bin/sh -e
PAM_UID=$(getent passwd "${PAM_USER}" | cut -d: -f3)
if [ "${PAM_UID}" -ge 1000 ]; then
/bin/systemctl set-property "user-${PAM_UID}.slice" CPUQuota=400%
CPUAccounting=true MemoryLimit=16G MemoryAccounting=true
fi
```
and also kill process that use to much time and exlude some processes:
*
https://github.com/basvandervlies/cf_surfsara_lib/blob/master/doc/services/sara_user_consume_resources.md
--
Bas van der Vlies
| HPCV Supercomputing | Internal Services | SURF |
https://userinfo.surfsara.nl |
| Science Park 140 | 1098 XG Amsterdam | Phone: +31208001300 |
| [email protected]
