Setting limits for users
You can control the amount of resources consumed by certain z/OS UNIX users by setting individual limits for these users. The resource limits for the majority of z/OS UNIX users are specified in the BPXPRMxx parmlib member. Instead of assigning superuser authority to application servers and other users so they can exceed BPXPRMxx limits, you can individually set higher limits to these users, as discussed in System limits and process limits. Setting user limits allows you to minimize the number of assignments of superuser authority at your installation and reduces your security risk.
Specify limits for z/OS UNIX users by choosing options on the ADDUSER or ALTUSER commands. The limits are stored in the OMVS segment of the user profile. You can set the following limits in the OMVS user segment:
- ASSIZEMAX
- Maximum address space size (RLIMIT_AS)
- CPUTIMEMAX
- Maximum CPU time (RLIMIT_CPU)
- FILEPROCMAX
- Maximum number of concurrently open files per process
- MEMLIMIT
- Maximum size of storage above the bar
- MMAPAREAMAX
- Maximum memory map size
- PROCUSERMAX
- Maximum number of processes for this UID
- SHMEMMAX
- Maximum size of shared memory
- THREADSMAX
- Maximum number of threads per process
After you set individual user limits for users who require higher resource limits, you should consider removing their superuser authority, if they have any. You should also reevaluate your installation's BPXPRMxx limits and consider reducing these limits. See Customizing the BPXPRMxx member of SYS1.PARMLIB for more information.