community.general.pam_limits (8.5.0) — module

Modify Linux PAM limits

Authors: Sebastien Rohaut (@usawa)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

The M(community.general.pam_limits) module modifies PAM limits.

The default file is V(/etc/security/limits.conf).

For the full documentation, see C(man 5 limits.conf).

Usage examples

- name: Add or modify nofile soft limit for the user joe
  community.general.pam_limits:
    domain: joe
    limit_type: soft
    limit_item: nofile
    value: 64000
- name: Add or modify fsize hard limit for the user smith. Keep or set the maximal value
  community.general.pam_limits:
    domain: smith
    limit_type: hard
    limit_item: fsize
    value: 1000000
    use_max: true
- name: Add or modify memlock, both soft and hard, limit for the user james with a comment
  community.general.pam_limits:
    domain: james
    limit_type: '-'
    limit_item: memlock
    value: unlimited
    comment: unlimited memory lock for james
- name: Add or modify hard nofile limits for wildcard domain
  community.general.pam_limits:
    domain: '*'
    limit_type: hard
    limit_item: nofile
    value: 39693561
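
The examples above do not exercise dest, backup or use_min, which are documented under Inputs. The playbook below is an added example, not part of the module's own documentation: it applies a small hardening baseline and uses use_min so that an entry already in the file with a lower value is left alone. The drop-in path, the @students group, the variable names and every value are assumptions chosen for illustration.

```yaml
# Added example (not from the module documentation).
# limits_file, hardening_limits, the @students group and all values are
# assumptions; adjust them to the baseline you actually enforce.
- name: Tighten PAM limits without loosening stricter existing entries
  hosts: all
  become: true
  vars:
    limits_file: /etc/security/limits.d/90-hardening.conf  # assumed path
    hardening_limits:
      - domain: '*'
        type: hard
        limit: core
        value: '0'
        note: no core dumps
      - domain: '*'
        type: hard
        limit: nproc
        value: '4096'
        note: cap process count
      - domain: '@students'
        type: '-'          # both soft and hard
        limit: maxlogins
        value: '4'
        note: cap concurrent logins
  tasks:
    - name: Apply each limit, keeping the lower of the file value and the requested value
      community.general.pam_limits:
        dest: "{{ limits_file }}"
        domain: "{{ item.domain }}"
        limit_type: "{{ item.type }}"
        limit_item: "{{ item.limit }}"
        value: "{{ item.value }}"
        comment: "{{ item.note }}"
        use_min: true   # replace the file value only if the requested one is lower
        backup: true    # keep a timestamped backup file
      loop: "{{ hardening_limits }}"
      loop_control:
        label: "{{ item.domain }} {{ item.type }} {{ item.limit }}"
```

use_min compares against the entry in the file named by dest, so a looser entry for the same domain in another limits file is not touched by this play.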

Inputs

    
dest:
    default: /etc/security/limits.conf
    description:
    - Modify the limits.conf path.
    required: false
    type: str

value:
    description:
    - The value of the limit.
    - Value must either be V(unlimited), V(infinity) or V(-1), all of which indicate no
      limit, or a limit of 0 or larger.
    - Value must be a number in the range -20 to 19 inclusive, if O(limit_item) is set
      to V(nice) or V(priority).
    - Refer to the C(man 5 limits.conf) manual pages for more details.
    required: true
    type: str

backup:
    default: false
    description:
    - Create a backup file including the timestamp information so you can get the original
      file back if you somehow clobbered it incorrectly.
    required: false
    type: bool

domain:
    description:
    - A username, @groupname, wildcard, or UID/GID range.
    required: true
    type: str

comment:
    default: ''
    description:
    - Comment associated with the limit.
    required: false
    type: str

use_max:
    default: false
    description:
    - If set to V(true), the larger of the specified value and the value already in the
      file is kept.
    - If the specified value is greater than the value in the file, the file content is
      replaced with the new value; otherwise the content is not modified.
    required: false
    type: bool

use_min:
    default: false
    description:
    - If set to V(true), the smaller of the specified value and the value already in the
      file is kept.
    - If the specified value is lower than the value in the file, the file content is
      replaced with the new value; otherwise the content is not modified.
    required: false
    type: bool

limit_item:
    choices:
    - core
    - data
    - fsize
    - memlock
    - nofile
    - rss
    - stack
    - cpu
    - nproc
    - as
    - maxlogins
    - maxsyslogins
    - priority
    - locks
    - sigpending
    - msgqueue
    - nice
    - rtprio
    - chroot
    description:
    - The limit to be set.
    required: true
    type: str

limit_type:
    choices:
    - hard
    - soft
    - '-'
    description:
    - Limit type, see C(man 5 limits.conf) for an explanation.
    required: true
    type: str