Q: How can I limit the number of processes for a user?
A: A partial solution to this problem is to add "ulimit" commands to the system /etc/profile and /etc/csh.login scripts. One can set hard and soft limits. (The soft limit is the user's initial login default, which he may then adjust using ulimit, subject to the hard limit as a ceiling.)
There are, however, two holes in that approach (which might be a desirable feature, or not, depending on your circumstances): (1) The user can evade the limit entirely if allowed to select a different shell entirely, other than bash and tcsh, via the chsh command. (2) Non-root users subject to ulimit-based limitations on number of processes will still be able to adjust the soft limit, and can lower but not raise the hard limit. (The hard limit will revert to the system default at the next login.)
To establish unchangeable hard limits, enter the following into the login, ssh, telnet, and rlogin files in /etc/pam.d/login
session required /lib/security/pam_limits.so
Also, edit /etc/security/limits.conf. E.g.,
@users soft nproc 10
@users hard nproc 15
@admin soft nproc 1000
@admin hard nproc 1000
If you want the root user to have no process limits, include:
Users will see the following upon hitting the hard limit.
bash: fork: Resource temporarily unavailable.