The cPanel Fork Bomb Protection feature modifies the following files:

  • /etc/bashrc
  • /etc/profile
  • /etc/profile.d/limits.sh
  • /etc/profile.d/limits.csh

It will append the following lines to the files:

#cPanel Added Limit Protections -- BEGIN

#unlimit so we can run the whoami
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

LIMITUSER=$USER
if [ -e "/usr/bin/whoami" ]; then
        LIMITUSER=`/usr/bin/whoami`
fi
if [ "$LIMITUSER" != "root" ]; then
        ulimit -n 100 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
else
        ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
fi
#cPanel Added Limit Protections -- END

And the following to the csh profile script:

#cPanel Added Limit Protections -- BEGIN
setenv LIMITUSER $USER
if ( -e /usr/bin/whoami ) then
        setenv LIMITUSER `whoami`
endif
if ( "$LIMITUSER" != "root" ) then
        limit descriptors 100
        limit maxproc 35
        limit memoryuse 200000
        limit datasize 200000
        limit stacksize 8192
        limit coredumpsize 200000
else
        limit descriptors 4096
        limit maxproc 14335
        limit memoryuse unlimited
        limit datasize unlimited
        limit stacksize 8192
        limit coredumpsize 1000000
endif
#cPanel Added Limit Protections -- END


This will cause non-root users to have a limit on certain resources as listed below.

Fork Bomb Protection Disabled Fork Bomb Protection Enabled
leo@webtwo:/home/leo% ulimit -a
-t: cpu time (seconds)         unlimited
-f: file size (blocks)         unlimited
-d: data seg size (kbytes)     unlimited
-s: stack size (kbytes)        10240
-c: core file size (blocks)    0
-m: resident set size (kbytes) unlimited
-u: processes                  1024
-n: file descriptors           1024
-l: locked-in-memory size (kb) 64
-v: address space (kb)         unlimited
-x: file locks                 unlimited
-i: pending signals            513812
-q: bytes in POSIX msg queues  819200
-e: max nice                   0
-r: max rt priority            0
leo@webtwo:/home/leo% ulimit -a
-t: cpu time (seconds)         unlimited
-f: file size (blocks)         unlimited
-d: data seg size (kbytes)     200000
-s: stack size (kbytes)        8192
-c: core file size (blocks)    200000
-m: resident set size (kbytes) 200000
-u: processes                  35
-n: file descriptors           100
-l: locked-in-memory size (kb) 64
-v: address space (kb)         unlimited
-x: file locks                 unlimited
-i: pending signals            513812
-q: bytes in POSIX msg queues  819200
-e: max nice                   0
-r: max rt priority            0

See Also[edit]