I run a fairly large (32 CPU core, 64 GB memory) multi-user system that is used for everything from teaching programming classes to being a web server. In our environment, where people will be learning to use "fork" for the first time, a per-user process limit is necessary.

I have set a limit of 96 processes per user in /etc/security/limits.conf.

Unfortunately, this seems to have the side-effect of limiting the number of threads that a user can run to 53 (when the only other processes run by that user are sshd and a shell).

If I increase the per-user process limit to 128, the user can then run 85 threads. The number of thread that a single user can run seems to be 43 less than their process limit.

This breaks a number of java applications, such as matlab, because they attempt to launch a large number of threads.

Does anyone know how to separate the two limits or do I have to choose between letting java applications run and being vulerable to fork bombs?

TIA

Scott