setting bash shell limits for oracle user

Jephe Wu -

Objective: understand the concept of ulimit nofile and nproc settings for oracle under ssh environment
Environment: RHEL 5, CentOS 5, Oracle 11g

Bash shell can set maximum allowable number of open file descriptors (handles) or the maximum number of processes available to a user.

To see all limits settings for a current user under bash shell, login to CentOS 5, run 'ulimit -a' to check.

1.  Setting file descriptors/handles for entire Linux operating system
The maximum number of file handles denotes the maximum number of open files on a Linux system.
to see the setting , run
cat /proc/sys/fs/file-max

to check the current usage: run
cat /proc/sys/fs/file-nr
1154 133 65536

it shows the total allocated file handles, the number of currently unused file handles, the maximum file handles that can be allocated (also found in /proc/sys/fs/file-max).

To configure it:
# echo 65536 > /proc/sys/fs/file-max
# sysctl -w fs.file-max=65536

To make it permanent:
echo "fs.file-max=65536" >> /etc/sysctl.conf

2.  set Maximum Number of Open File Descriptors for the Oracle User:
 There's still per user limit after above file-max. It is not recommend to set hard limit for nofile for the oracle user equal to /proc/sys/fs/file-max, otherwise, once oracle user used up the file handles, the whole system also used up the file handles, so, the system cannot assign any more file handles for login process.

Modify the /etc/security/limits.conf file as root and make it like this: (use 63536 instead of 65536)

oracle soft nofile 63536
oracle hard nofile 63536

In order to make it work, pam_limits should be configured in the /etc/pam.d/
system-auth as follows, or in /etc/pam.d/sshd for ssh, /etc/pam.d/su for su, or /etc/pam.d/
login for local access and telnet

session required
session required

Same thing we can use for the number of processes:
oracle soft nproc 16384
oracle hard nproc 16384

3.  How many file descriptors are being used in your Linux system

File Descriptors

File descriptors are allocated dynamically by the kernel for performance reasons. use
sysctl fs.file-nr 
to check all 3 values.

Open Files
lsof | wc -l
This tells you that there are 8124 files by applications on the system. The same file opened by two applications will be counted twice. Normally, this value is bigger than fs.file-max.

lsof lists all open files, including files which are not using file descriptors - such as current working directories, memory mapped library files, and executable text files.

How to check file descriptors and open files for pid 1234:
file descriptor: 
ls -l /proc/1234/fd/

open files:
 lsof | grep 1234

4. FAQ:
a. I tried to setup the soft and hard nofile limits for root. But when I
 tried to ssh as root user, the limits set do not take into effect. Why?
According to redhat knowledge base you can 
specify the nofile ulimit values in /etc/init.d/sshd init script such as ulimit -n 4096 

For other similiar issues, you might need to disable
Why it happens? some openssh version has problem like below:
Due to the manner in which SSH logins are implemented. 
When a user logs in via SSH, the SSH daemon process forks a separate 
process to handle that specific connection. As such, the context this 
forked process runs in is owned by the user who logged in. Since regular
 users are not allowed to modify their ulimit upwards, the higher value 
specified in /etc/security/limits.conf fails to take effect.
This is because the calling program, i.e. the forked sshd process, 
lacks the permissions to perform the upward modification.