ansible.builtin.pam_limits (v2.9.27) — module

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

The C(pam_limits) module modifies PAM limits. The default file is C(/etc/security/limits.conf). For the full documentation, see C(man 5 limits.conf).

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Add or modify nofile soft limit for the user joe
  pam_limits:
    domain: joe
    limit_type: soft
    limit_item: nofile
    value: 64000

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Add or modify fsize hard limit for the user smith. Keep or set the maximal value.
  pam_limits:
    domain: smith
    limit_type: hard
    limit_item: fsize
    value: 1000000
    use_max: yes

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Add or modify memlock, both soft and hard, limit for the user james with a comment.
  pam_limits:
    domain: james
    limit_type: '-'
    limit_item: memlock
    value: unlimited
    comment: unlimited memory lock for james

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Add or modify hard nofile limits for wildcard domain
  pam_limits:
    domain: '*'
    limit_type: hard
    limit_item: nofile
    value: 39693561

Inputs

    
dest:
    default: /etc/security/limits.conf
    description:
    - Modify the limits.conf path.
    required: false

value:
    description:
    - The value of the limit.
    required: true

backup:
    default: 'no'
    description:
    - Create a backup file including the timestamp information so you can get the original
      file back if you somehow clobbered it incorrectly.
    required: false
    type: bool

domain:
    description:
    - A username, @groupname, wildcard, uid/gid range.
    required: true

comment:
    default: ''
    description:
    - Comment associated with the limit.
    required: false

use_max:
    default: 'no'
    description:
    - If set to C(yes), the maximal value will be used or conserved. If the specified
      value is superior to the value in the file, file content is replaced with the new
      value, else content is not modified.
    required: false
    type: bool

use_min:
    default: 'no'
    description:
    - If set to C(yes), the minimal value will be used or conserved. If the specified
      value is inferior to the value in the file, file content is replaced with the new
      value, else content is not modified.
    required: false
    type: bool

limit_item:
    choices:
    - core
    - data
    - fsize
    - memlock
    - nofile
    - rss
    - stack
    - cpu
    - nproc
    - as
    - maxlogins
    - maxsyslogins
    - priority
    - locks
    - sigpending
    - msgqueue
    - nice
    - rtprio
    - chroot
    description:
    - The limit to be set
    required: true

limit_type:
    choices:
    - hard
    - soft
    - '-'
    description:
    - Limit type, see C(man 5 limits.conf) for an explanation
    required: true