diff --git a/d4s_user_services_perms/defaults/main.yml b/d4s_user_services_perms/defaults/main.yml index e8d9279e..20745648 100644 --- a/d4s_user_services_perms/defaults/main.yml +++ b/d4s_user_services_perms/defaults/main.yml @@ -11,6 +11,11 @@ d4science_tomcat_options_files: - '/etc/default/tomcat-instance-{{ item.0.http_port }}' - '/etc/default/tomcat-instance-{{ item.0.http_port }}.local' +limits_nofile_value: 16000 +security_limits: + - { domain: '{{ d4science_user }}', l_item: 'nofile', type: 'soft', value: '{{ limits_nofile_value }}' } + - { domain: '{{ d4science_user }}', item: 'nofile', type: 'hard', value: '{{ limits_nofile_value }}' } + d4science_manual_tomcat_inst_dir: '{{ d4science_user_home }}/tomcat' d4science_manual_tomcat_log_dir: '{{ d4science_manual_tomcat_inst_dir }}/logs' d4science_manual_tomcat_rotate_copies: 15 diff --git a/d4s_user_services_perms/tasks/main.yml b/d4s_user_services_perms/tasks/main.yml index fee27e5c..6e97633d 100644 --- a/d4s_user_services_perms/tasks/main.yml +++ b/d4s_user_services_perms/tasks/main.yml @@ -5,3 +5,4 @@ when: d4s_tomcat_node is defined and d4s_tomcat_node - include: d4s-basic-node.yml when: gcore_node is defined and gcore_node +- include: security_limits.yml diff --git a/d4s_user_services_perms/tasks/security_limits.yml b/d4s_user_services_perms/tasks/security_limits.yml new file mode 100644 index 00000000..979ce9e9 --- /dev/null +++ b/d4s_user_services_perms/tasks/security_limits.yml @@ -0,0 +1,6 @@ +--- +- name: Change the default security limits + pam_limits: domain={{ item.domain }} limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }} + with_items: '{{ security_limits }}' + tags: [ 'd4science', 'pam_limits'] + diff --git a/ubuntu-deb-general/defaults/main.yml b/ubuntu-deb-general/defaults/main.yml index ac6d6b61..3ec4e253 100644 --- a/ubuntu-deb-general/defaults/main.yml +++ b/ubuntu-deb-general/defaults/main.yml 
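Review bot: The hard `nofile` entry in the new `security_limits` list uses the key `item:` while the soft entry and the consuming task (`{{ item.l_item }}` in tasks/security_limits.yml) use `l_item:`, so the second loop iteration resolves an undefined attribute and the hard limit is never written; Ansible treats that as a fatal error unless undefined-variable checking has been disabled. Change the hard entry to `- { domain: '{{ d4science_user }}', l_item: 'nofile', type: 'hard', value: '{{ limits_nofile_value }}' }`. The `l_item` spelling is presumably chosen to avoid shadowing Ansible's loop variable `item`, which deserves a one-line comment above the list such as `# key is l_item, not item, to avoid clashing with the with_items loop variable`. For consistency with the quoted `'8192'` values used in ubuntu-deb-general, consider quoting `16000` as `'16000'` as well.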
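Review bot: `- include: security_limits.yml` is the only include in this task list without a `when:` guard, so the pam_limits change runs on every host the role touches, while the list it consumes is built from `d4science_user`, which nothing in this commit defines. If the limits only make sense where that user exists, gate the include like its siblings, e.g. `when: d4science_user is defined`; otherwise add a comment stating that the limits are intentionally applied to all nodes.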
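Review bot: The `pam_limits:` task in the new security_limits.yml passes its arguments as a single `key=value` string, which is the legacy Ansible form and hides the Jinja expressions from YAML tooling; native block arguments are the convention the lint tools expect. Since `dest` is not given, the module writes to `/etc/security/limits.conf`, and I believe drop-ins under `/etc/security/limits.d/` are processed afterwards and can override these entries, so add a comment naming the target file (or set `dest` explicitly) if the hosts carry drop-ins. The trailing empty line at the end of the file should also go.
```yaml
- name: Change the default security limits
  pam_limits:
    domain: '{{ item.domain }}'
    limit_type: '{{ item.type }}'
    limit_item: '{{ item.l_item }}'
    value: '{{ item.value }}'
  # … unchanged: with_items and tags …
```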
@@ -109,6 +109,12 @@ additional_ca_dest_dir: /usr/local/share/ca-certificates #x509_additional_ca_certs: # - { url: "https://security.fi.infn.it/CA/mgt/INFNCA.pem", dest_file: '{{ additional_ca_dest_dir }}/infn-ca.crt' } +# +default_security_limits: + - { domain: 'root', l_item: 'nofile', type: 'soft', value: '8192' } + - { domain: 'root', item: 'nofile', type: 'hard', value: '8192' } + + # # debian/ubuntu distributions controllers # diff --git a/ubuntu-deb-general/tasks/manage_su_limits.yml b/ubuntu-deb-general/tasks/manage_su_limits.yml index e3b71b92..73652c22 100644 --- a/ubuntu-deb-general/tasks/manage_su_limits.yml +++ b/ubuntu-deb-general/tasks/manage_su_limits.yml @@ -2,3 +2,9 @@ - name: Fix debian/ubuntu broken behaviour. The su pam config does not load pam_limits lineinfile: dest=/etc/pam.d/su line="session required pam_limits.so" insertafter="^#\ \(Replaces\ the\ use\ of\ /etc/limits.*$" tags: [ 'su', 'pam_limits'] + +- name: Change the default security limits + pam_limits: domain={{ item.domain }} limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }} + with_items: '{{ default_security_limits }}' + tags: [ 'su', 'pam_limits'] +
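Review bot: The root `hard` entry in `default_security_limits` uses the key `item:` while the `soft` entry and the task in manage_su_limits.yml use `l_item:` (`limit_item={{ item.l_item }}`), so the loop fails on its second element and root only ever gets the soft limit before the play aborts. Change it to `- { domain: 'root', l_item: 'nofile', type: 'hard', value: '8192' }`. The bare `#` line added above the variable carries no text; either drop it or turn it into a real description, e.g. `# nofile limits written to /etc/security/limits.conf by tasks/manage_su_limits.yml`.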
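Review bot: The new `pam_limits:` task in manage_su_limits.yml edits a file only; the limits are applied by pam_limits at the next PAM session, so root processes already running on the host, and anything started outside PAM, keep their previous `nofile` value until restarted or re-logged-in, which is worth stating for operators who expect the change to be immediate. A comment above the task such as `# takes effect for new PAM sessions only; restart long-running root services to pick up the limit` would cover it. The task also uses the legacy `key=value` argument string where the rest of the YAML style guide calls for block arguments, and the file now ends with an extra blank line that the diff adds as a bare `+`.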