Debian 10: I want to limit memory, CPU etc for all users except root; I have found several articles about this, but so far they all revolve around cgconfig, which doesn't seem to be the way it is done now. I have seen some suggestions to use slices instead, so for UID 1000, create something like:
# cat /lib/systemd/system/user-1000.slice
[Unit]
Description=User and Session Slice
Documentation=man:systemd.special(7)
Before=slices.target
MemoryHigh=20M
[Slice]
Slice=user-slice
[Install]
WantedBy=multi-user.target
and enable it with systemctl enable user-1000.slice. This appears to half work:
$ systemctl status user-1000.slice
Warning: The unit file, source configuration file or drop-ins of user-1000.slice changed on disk. Run 'systemctl daemon-reload' to reload units.
● user-1000.slice - User Slice of UID 1000
Loaded: loaded (/lib/systemd/system/user-1000.slice; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/user-.slice.d
└─10-defaults.conf
Active: active since Thu 2020-07-09 07:37:28 UTC; 1h 8min ago
Docs: man:systemd.special(7)
man:user@.service(5)
Tasks: 7 (limit: 5237)
Memory: 5.4M
CGroup: /user.slice/user-1000.slice
├─session-15.scope
│ ├─1089 sshd: jan [priv]
│ ├─1107 sshd: jan@pts/1
│ ├─1108 -bash
│ ├─1113 systemctl status user-1000.slice
│ └─1114 pager
└─user@1000.service
└─init.scope
├─1092 /lib/systemd/systemd --user
└─1093 (sd-pam)
However, MemoryHigh isn't set:
$ systemctl show user-1000.slice
Slice=user.slice
ControlGroup=/user.slice/user-1000.slice
...
MemoryHigh=infinity
...
I seem to be very close, but there must be something missing - what is it?
