Linux limits.conf and limits.d

Jephe Wu -

Objective: find out how limits.conf and /etc/security/limits.d/ works


1. what order are files under /etc/security/limits.d/ read?

Firstly, read /etc/security/limits.conf file first, then individual files from /etc/security/limits.d directory are read. The order will be
special characters,
numbers in ascending order
uppercase letters
lowercase letters in alphabetical order

If two files have same entry, then the entry read last will take effect.

2.  applicable domain

  • The limits.conf and limits.d only applies for the applications that uses PAM service
  • And make sure the following line appears in /etc/pam.d/system-auth.

session     required

  • Make sure there's no sufficient line for session part before in /etc/pam.d/system-auth

3. ssh and pam_limits
limits.conf and limits.d/* are not working for ssh shell, because by default /etc/ssh/sshd_config doesn't use PAM. Change UsePAM from no to yes to fix the issue.

4. difference between open files setting in limits.conf and the fs.file-max in /proc/sys/fs/file-max
 File descriptor has two types: per session limit (/etc/security/limits.conf or limits.d/*) and system-wide limit (cat /proc/sys/fs/file-max), and nofile setting in limits.conf cannot be set to unlimited.

5.  all configuration files for setting up user nofile
a. # grep nofile /etc/security/limits.conf
b.# grep -r nofile /etc/security/limits.d/
c.# grep ^UsePAM /etc/ssh/sshd_config
d.# grep -r ulimit /etc/bashrc /etc/profile /etc/profile.d/
e.# grep ulimit ~user/.bashrc ~user/.bash_profile

6. soft limit vs hard limit
Normal user or unprivileged process can alter soft limit, range from 0 up to hard limit, also can lower its hard limit irreversibly.

Hard limit can only be changed by root user

How to set soft limit for a application process?
  • Use "ulimit -Sn " command to change the soft limits in runtime.
  • Directly update the proc files of respective process PID.

[root@jephe 1521]# more limits 
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            10485760             unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             14841                14841                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       14841                14841                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us 

But soft limit 14 can be increased up to hard limit 19 as follows,e.g. we are increasing from 14 to 18

echo -n "Max open files=18:19" > /proc/1521/limits

No comments:

Post a Comment