opinions on /etc/security/limits.conf

[Roland McGrath]

I don't think it makes sense that this configuration file be the means of
resetting limits to their boot-time defaults, since that is what you really
want.  If what you want is to reset the base limits to those inherited from
init, you should do that explicitly.  i.e. have runuser or su, or SELinux
transition on exec, reset the limits to init's before applying whatever
configuration you want.  What you propose will wind up with drift between
the configuration file and the kernel defaults.  Some of the kernel default
limits are based on the size of RAM and such, so a default value in the
config file will never be right across the board.