limadm(1MSRM)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | ATTRIBUTES | SEE ALSO | DIAGNOSTICS | WARNINGS | NOTES
NAME
- limadm- change limit attributes or
delete lnodes for a list of users
SYNOPSIS
-
limadm set [-n] [-l | -u] attribute[+ | - | =]value[:...] user ...
limadm -a
limadm delete [-r] [-l | -u] user ...
limadm set [-n] [-l | -u] -f filename
DESCRIPTION
- terminal.interval
- services.limit
- services.accrue
- services.usage
- services.decay
- services.interval
- services.lastdecay
-
The invoker is the superuser, or has a set uselimadm flag. Any attribute in any lnode that the kernel permits to be changed can be changed. Automatically created lnodes are given a default sgroup of srmother, unless no such login name exists, in which case the default is root.
-
The invoker has only a set admin flag with the uselimadm flag clear. The following restrictions apply:
-
Only the lnodes of users who are members of the invoker's own scheduling group can be altered.
-
Only a member of the invoker's scheduling group can be assigned within the invoker's scheduling group. Automatically created lnodes are given the sgroup of the invoker by default.
-
Flag assignment: if the value of the invoker's flag is contrary to the flag's default value, then the invoker may not set the value of that flag to be otherwise, for any user. For example, the invoker's uselimadm flag is clear, so the invoker may only set other users' uselimadm flags to either clear or inherit.
-
limadm can either change limit values in the limits database for a given list of users with the set subcommand or delete an entry from the limits database with the delete subcommand. Either subcommand requires that the caller have the appropriate privilege as described in Permissions. The -a option displays the list of changeable limit attributes.
For example, to change a limit attribute, the command:
limadm set sgroup=sysprog:cpu.shares=50:flag.uselimadm=set:memory.limit=5.5m user1
sets the lnode for user1 to have a scheduling group parent of sysprog, 50 shares, full administrative privilege, and a memory limit of 5.5 Mbytes.
limadm applies all the changes, separated by colons, in the given order to each user in turn. Each change is of the form: the name of an attribute, followed by an operation character indicating addition, subtraction or assignment, (+|-|=), followed by a value, whose type depends on the attribute. Attributes that are readonly cannot be changed.
By default, getpwent(3C) interprets each user argument as a login name unless the name is not found in the password map, in which case, if it is numeric, it is interpreted as a UID.
Attributes: Lnode Data Fields
Only the attributes listed in srm(5SRM) can be changed.
The following services.flag attributes are used to enable/disable access to various network and/or local services for users of a Solaris Resource Manager enabled host.
| services.flag.su | If clear, user not allowed to execute su command |
| services.flag.xterm | Does not exist in SRM1.1 or SRM1.2; has no effect in SRM1.0 |
| services.flag.rsh | Enable/disable rsh access to this host |
| services.flag.ftp | Enable/disable ftp access to this host |
| services.flag.rlogin | Enable/disable rlogin access to this host |
| services.flag.rexec | Enable/disable rexec access to this host |
| services.flag.localservices | Enable/disable all local services, such as flag.su |
| services.flag.netservices | Enable/disable all network services, such as rsh, ftp, rlogin, rexec |
The following terminal.flag attributes are used to control terminal access to a Solaris Resource Manager enabled host.
| terminal.flag.network | Allow/disable access from network |
| terminal.flag.hardwired | Allow/disable access from hardwired devices, such as a modem |
| terminal.flag.console | Allow/disable access from the console |
| terminal.flag.all | Set/clear all terminal.flag flags |
The following flag attributes are used in Solaris Resource Manager to control processes.
| flag.asynckill | If set, Solaris Resource Manager kills all attached processes when an lnode becomes inactive (for example, when a user logs out). This can be used if users are not allowed to have background processes running after they log out. |
| flag.asyncnice | If set, Solaris Resource Manager lowers the priorities of all processes attached to an lnode when it becomes inactive, improving the runtime of other processes. |
| flag.noattach | If clear, lnode use is allowed. If set, lnode use is denied (processes cannot be attached to this lnode). |
The following flag attributes are used to control the number of concurrent logins of a user and/or a scheduling group. (Note that it is also possible to set no restrictions, and permit an unlimited number of logins.)
| flag.nologin=set | No login permitted |
| flag.onelogin=set | One login permitted |
When subtracting from an attribute limit, the result is silently prevented from falling to zero or below. This prevents the value from wrapping around, and also prevents the value from unintentionally becoming zero (a zero limit value has a special meaning: no limit). No numeric limits are applied to addition or assignment.
The following limit attributes are currently not supported:
File Format
The -f option causes limadm to read a list of users and changes from a named file, or standard input.
Each line of the file starts with a reference to a single user (a login name or UID number), followed by a tab, followed by a list of changes identical to what may be entered on the command line. limadm reads each line in turn, interprets the user name or UID subject to the -l and -u options, then compiles and performs the list of changes on that user.
Permissions
The invoker must have sufficient administrative privilege to perform the given changes to the given users. Two levels of privilege exist:
Flag Assignment
The flag assignment definitions are:
| limadm set flag=set user | Sets the flag for user. Note that s can be used as an abbreviation for set. |
| limadm set flag=clear user | Clears the flag for user. Note that c can be used as an abbreviation for clear. |
| limadm set flag=inherit user | Inherits the flag from the user's parent. Note that i can be used as an abbreviation for inherit. |
| limadm set flag=group user | Copy flag's value from the user's group flag value. Note that g can be used as an abbreviation for group. |
OPTIONS
- set
-
Change limit attributes of an lnode. If the lnode does not exist, one will be created automatically.
- -a
-
Write a list of all changeable attributes to standard output.
- -n
-
Suppress automatic creation of lnodes; write warnings about non-existent lnodes instead.
- -f
-
Read from file. The following argument is the name of a file containing a list of users and changes, one per line. If the argument that follows is a dash (-), values are read from standard input. See the File Format section.
- delete
-
Delete the user's lnode.
- -r
-
Force deletion, even if the lnode has children. (The child lnodes will become orphans.)
- -l
-
Interpret user argument as a login name only (the default).
- -u
-
Interpret user arguments as numeric UIDs only. This option also allows the use of UIDs that are not listed in the password map.
The command-line options are:
The mutually exclusive options -l and -u determine the interpretation of the user arguments:
The -l and -u options also affect the interpretation of values assigned to attributes with the type uid.
EXAMPLES
Example 1 To assign sub-administrator privileges to a list of users:
limadm set -u flag.admin=set UID1 UID2 UID3
Example 2 To delete a list of user entries from the limits database:
limadm delete user1 user2... userN
Example 3 To display the list of changeable attributes:
limadm -a
Example 4 To disable all network services or limit access for user "John":
First, set all flags (for example, rsh) to group, so that they will inherit their values from the services.flag.netservices flag. (By default, all of these flags are set to inherit.) For example, to set services.flag.ftp, type:
limadm set services.flag.ftp=group john
Then, to disable network services for John, type:
limadm set services.flag.netservices=clear john
To give John access to ftp only, type:
limadm set services.flag.ftp=set john
When a flag is in set state, it does not inherit its value from the parent (limadm set services.flag.netservices in the above example).
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Architecture | SPARC |
| Availability | SUNWsrmb |
SEE ALSO
ctime(3C), printf(3C), srm(5SRM)
Solaris Resource Manager 1.3 System Administration Guide
DIAGNOSTICS
limadm complains about unknown attribute names and values that overflow their attribute type. On the command line, if a valid attribute name is followed by a missing or malformed operator or value, then an error message is written, accompanied by a brief synopsis of the values that may be assigned to the attribute, and limadm exits. If the -f flag is in force, then no synopsis is given, and limadm skips to the next line of the file.
If an unknown login name or UID number is encountered, limadm writes a diagnostic message and skips to the next argument or to the next line in the input file.
WARNINGS
Subtracting from a limit attribute is not an atomic operation and may result in a negative or zero value, if other events are also changing the attribute.
Addition is not checked for overflow, so adding to a numeric attribute may cause the value to wrap around silently.
The ambiguous scale character m is assumed to mean `megabytes' (not minutes) if it is the only character following a number with units of storage accrual.
Decimal points can be used with integer types. However, numbers containing a decimal point and starting with a zero are interpreted as decimal numbers, not as octal floating-point numbers.
NOTES
This man page is applicable to SunOS 5.6, SunOS 5.7, and SunOS 5.8.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | ATTRIBUTES | SEE ALSO | DIAGNOSTICS | WARNINGS | NOTES
- © 2010, Oracle Corporation and/or its affiliates