I am using CentOS 7 and I have several users registered in system (UIDs: 1000, 1001, 1002, etc)
I want to restrict memory consumption for each user using cgroup and systemd.
The following commands work pretty well but the user with UID=1000 must be logged in.
systemctl set-property user-1000.slice MemoryLimit=3000M
systemctl daemon-reload
If the user is not login I receive the following error message
Failed to set unit properties on user-1000.slice: Unit user-1000.slice is not loaded.
Imagine I have 20 users and I want to set up memory restrictions for them. Should I log in manually or write some workaround script to do it in order to run systemctl set-property command for each user? Or some elegant and straightforward solution exists?
This issues were based on the manner of configuration, it did not mean the cgroup can not limit the non-login users.
systemctl set-property ... command just supported for resource setting control at runtime.
Failed to set unit properties on user-1000.slice: Unit user-1000.slice is not loaded. is just runtime issue. You can solve the issue by using the static manner.
Examples>
# vim /etc/systemd/system/user-1000.slice
Create the specific user slice file or slice.d.
[Unit]
Description=1000 user.slice
[Slice]
MemoryAccounting=true
MemoryLimit=3000M
Reload the systemd.
# systemctl daemon-reload
Check the cgroup resource control setting.
1.Login as id=1000 user. (The cgroup setting is applied dynamically if user-1000 login)
2.Check cgroup limit status
# cd /sys/fs/cgroup/memory/user.slice/
# ls -ld *.slice
...snip...
user-1000.slice
...snip...
# cd ./user-1000.slice
# cat ./memory.limit_in_bytes
3145728000
I hope this will help you.