Suppose it depends on the context, considering the feature sets which are only partially overlapping and otherwise vastly differ
PAM limit
domain
a username
a groupname, with @group syntax. This should not be confused with netgroups.
the wildcard *, for default entry.
the wildcard %, for maxlogins limit only, can also be used with %group syntax. If the % wildcard is used alone it is identical to us* with maxsyslogins limit. With a group specified after % it limits the total number of logins of all users that are member of the group.
an uid range specified as <min_uid>:<max_uid>. If min_uid is omitted, the match is exact for the max_uid. If max_uid is omitted, all uids greater than or equal min_uid match.
a gid range specified as @<min_gid>:<max_gid>. If min_gid is omitted, the match is exact for the max_gid. If max_gid is omitted, all gids greater than or equal min_gid match. For the exact match all groups including the userβs supplementary groups are examined. For the range matches only the userβs primary group is examined.
a gid specified as %: applicable to maxlogins limit only. It limits the total number of logins of all users that are member of the group with the specified gid.
type
hard - for enforcing hard resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values.
soft - for enforcing soft resource limits. These limits are ones that the user can move up or down within the permitted range by any pre-existing hard limits. The values specified with this token can be thought of as default values, for normal system usage.
for enforcing both soft and hard resource limits together.
item
core - limits the core file size (KB)
data - maximum data size (KB)
fsize - maximum filesize (KB)
memlock - maximum locked-in-memory address space (KB)
nofile - maximum number of open files
rss - maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher)
stack - maximum stack size (KB)
cpu - maximum CPU time (minutes)
nproc - maximum number of processes
as - address space limit (KB)
maxlogins - maximum number of logins for this user except for this with uid=0
maxsyslogins - maximum number of all logins on system
priority - the priority to run user process with (negative values boost process priority)
lock - maximum locked files (Linux 2.4 and higher)
sigpending - maximum number of pending signals (Linux 2.6 and higher)
msgqueue - maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher)
nice - maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19]
rtprio - maximum realtime priority allowed for non-privileged processes (Linux 2.6.12 and higher)
cgroups
blkio β this subsystem sets limits on input/output access to and from block devices such as physical drives (disk, solid state, or USB).
cpu β this subsystem uses the scheduler to provide cgroup tasks access to the CPU.
cpuacct β this subsystem generates automatic reports on CPU resources used by tasks in a cgroup.
cpuset β this subsystem assigns individual CPUs (on a multicore system) and memory nodes to tasks in a cgroup.
devices β this subsystem allows or denies access to devices by tasks in a cgroup.
freezer β this subsystem suspends or resumes tasks in a cgroup.
memory β this subsystem sets limits on memory use by tasks in a cgroup and generates automatic reports on memory resources used by those tasks.
net_cls β this subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc) to identify packets originating from a particular cgroup task.
net_prio β this subsystem provides a way to dynamically set the priority of network traffic per network interface.
ns β the namespace subsystem.
perf_event β this subsystem identifies cgroup membership of tasks and can be used for performance analysis.