inspec/docs/resources/limits_conf.md.erb

---
title: About the limits_conf Resource
platform: linux
---

# limits_conf

Use the `limits_conf` InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system running those processes remains stable. Each process may be assigned a hard or soft limit.

* Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login
* Hard limits are maintained by the kernel and defines the maximum number of allowed file handles

Entries in the `limits.conf` file are similar to:

    grantmc     soft   nofile   4096
    grantmc     hard   nofile   63536

    ^^^^^^^^^   ^^^^   ^^^^^^   ^^^^^
    domain      type    item    value

<br>

## Availability

### Installation

This resource is distributed along with InSpec itself. You can use it automatically.

### Version

This resource first became available in v1.0.0 of InSpec.

## Syntax

A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:

    describe limits_conf('path') do
      its('domain') { should include ['type', 'item', 'value'] }
      its('domain') { should eq ['type', 'item', 'value'] }
    end

where

* `('path')` is the non-default path to the `inetd.conf` file
* `'domain'` is a user or group name, such as `grantmc`
* `'type'` is either `hard` or `soft`
* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
* `'value'` is the value associated with the `item`

<br>

## Properties

* `domain`

<br>

## Examples

The following examples show how to use this InSpec audit resource.

### domain

The `domain` property tests the domain in the `limits.conf` file, along with associated type, item, and value:

    its('domain') { should include ['type', 'item', 'value'] }
`
For example:

    its('grantmc') { should include ['hard', 'nofile', '63536'] }

### Test limits

    describe limits_conf('path') do
      its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }
      its('ftp') { should eq ['hard', 'nproc', '0'] }
    end

<br>

## Matchers

For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
add all partials for resources 2016-09-22 12:43:57 +00:00			`---`
			`title: About the limits_conf Resource`
Add `platform` tags and remove trailing whitespace (#2654) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> 2018-02-16 00:28:15 +00:00			`platform: linux`
add all partials for resources 2016-09-22 12:43:57 +00:00			`---`

			`# limits_conf`

Refactors limits_conf resource (#2629) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 17:34:51 +00:00			Use the `limits_conf` InSpec audit resource to test configuration settings in the `/etc/security/limits.conf` file. The `limits.conf` defines limits for processes (by user and/or group names) and helps ensure that the system running those processes remains stable. Each process may be assigned a hard or soft limit.
add all partials for resources 2016-09-22 12:43:57 +00:00
			`* Soft limits are maintained by the shell and defines the number of file handles (or open files) available to the user or group after login`
			`* Hard limits are maintained by the kernel and defines the maximum number of allowed file handles`

			Entries in the `limits.conf` file are similar to:

			`grantmc soft nofile 4096`
			`grantmc hard nofile 63536`

			`^^^^^^^^^ ^^^^ ^^^^^^ ^^^^^`
			`domain type item value`

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`

Clean injection of Availability section (#3206) Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2018-08-09 12:34:49 +00:00			`## Availability`

			`### Installation`

			`This resource is distributed along with InSpec itself. You can use it automatically.`

			`### Version`

			`This resource first became available in v1.0.0 of InSpec.`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Syntax`
add all partials for resources 2016-09-22 12:43:57 +00:00
			A `limits_conf` resource block declares a domain to be tested, along with associated type, item, and value:

			`describe limits_conf('path') do`
			`its('domain') { should include ['type', 'item', 'value'] }`
			`its('domain') { should eq ['type', 'item', 'value'] }`
			`end`

			`where`

			* `('path')` is the non-default path to the `inetd.conf` file
			* `'domain'` is a user or group name, such as `grantmc`
			* `'type'` is either `hard` or `soft`
			* `'item'` is the item for which limits are defined, such as `core`, `nofile`, `stack`, `nproc`, `priority`, or `maxlogins`
			* `'value'` is the value associated with the `item`

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`
add all partials for resources 2016-09-22 12:43:57 +00:00
Normalizes terms accross resources (#2649) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-15 14:33:22 +00:00			`## Properties`
Refactors limits_conf resource (#2629) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 17:34:51 +00:00
			* `domain`

Fixes obvious formatting (#2648) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-16 02:34:11 +00:00			`<br>`

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`## Examples`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`The following examples show how to use this InSpec audit resource.`
add all partials for resources 2016-09-22 12:43:57 +00:00
Refactors limits_conf resource (#2629) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 17:34:51 +00:00			`### domain`

			The `domain` property tests the domain in the `limits.conf` file, along with associated type, item, and value:

			`its('domain') { should include ['type', 'item', 'value'] }`
			`
			`For example:`

			`its('grantmc') { should include ['hard', 'nofile', '63536'] }`

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`### Test limits`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`describe limits_conf('path') do`
			`its('*') { should include ['soft', 'core', '0'], ['hard', 'rss', '10000'] }`
			`its('ftp') { should eq ['hard', 'nproc', '0'] }`
			`end`

			`<br>`

			`## Matchers`
add all partials for resources 2016-09-22 12:43:57 +00:00
Add one comma in all docs & deletes two repeated sentences. (#2658) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-16 03:07:18 +00:00			`For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).`
add all partials for resources 2016-09-22 12:43:57 +00:00