Monday, February 2, 2015

Ulimit (Nproc/Nofile) Configuration in Linux ?


What is the main configuration file ?

/etc/security/limits.conf
/etc/security/limits.d/*

So we have two files ? where do we need to change the values ?

we can make changes to any of above 2 files .But make sure values must present in any of one file . Else limits.d file will overwrite to limits.conf .

How can we check the current all ulimit values ?

Command # ulimit -a      will give all the current values in system . you can see in below example .




what is default nofile/nproc value in Linux ?

Typically the default value for nofile /nproc  is 1024 or 4096.


what is nofile /open file ? how can we check ?

nofile  is nothing but num of open files . noflie value is the one which controls  the user threshold on how many open files a user  can open in a system .

In Example below user paul can open 1024 open files in  system .


[paul@linuxtechnotes ~]$ whoami
paul
[paul@linuxtechnotes ~]$ ulimit -n
1024
[paul@linuxtechnotes ~]$

How can we know that how many files opened by user "paul' ?

lsof is the command which gives  the list of open files .From the below example you can see that num of files opened by root is 5802 and num of files opened by paul is 657.


[root@linuxtechnotes ~]# whoami
root
[root@linuxtechnotes ~]# lsof | wc -l
5802
[root@linuxtechnotes ~]# su - paul
[paul@linuxtechnotes ~]$
[paul@linuxtechnotes ~]$
[paul@linuxtechnotes ~]$ whoami
paul
[paul@linuxtechnotes ~]$ lsof | wc -l
657

[paul@linuxtechnotes ~]$


what is nproc  ? how can we check ?

nproc  is nothing but num of open process in a system  . nproc  value is the one which controls  the user threshold on how many open process a user  can open in a system .

In Example below user paul can open 1024 open process in a system .

[paul@linuxtechnotes ~]$ whoami
paul
[paul@linuxtechnotes ~]$ ulimit -u
1024
[paul@linuxtechnotes ~]$
[paul@linuxtechnotes ~]$


How can we know that how many process opened by user "paul' ?

ps -ef  is the command which gives  the list of open files .From the below example you can see that num of process  opened by root is 155 and num of files opened by paul is 157.


[root@linuxtechnotes ~]#
[root@linuxtechnotes ~]# whoami
root
[root@linuxtechnotes ~]#
[root@linuxtechnotes ~]# ulimit -u
15003
[root@linuxtechnotes ~]# ps -ef | wc -l
155
[root@linuxtechnotes ~]# su - paul
[paul@linuxtechnotes ~]$ ulimit -u
1024
[paul@linuxtechnotes ~]$
[paul@linuxtechnotes ~]$ ps -ef | wc -l
157
[paul@linuxtechnotes ~]$


How can we know the issue is with nproc/nofile(open file) ?

If any user getting error like "maximum num of open sessions/limit/file exceeds then that mean user exceeds the threshold to open a files.

When user is trying to login his/her account . If he get error like Resources are temporarily not available then that mean user exceeds the num of open process .

How can we increase the nproc/nofile value limit  ?

Nproc :-

lets assume we are going to increase nproc value for paul to 5000. Below we can see on how can we do 

[root@localhost security]# cd limits.d
[root@localhost limits.d]# ls
90-nproc.conf
[root@localhost limits.d]#
[root@localhost limits.d]# cat 90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited
[root@localhost limits.d]# su - paul
[paul@localhost ~]$ ulimit -u
1024
[paul@localhost ~]$ whoami
paul
[paul@localhost ~]$ exit
logout
[root@localhost limits.d]# whoami
root
[root@localhost limits.d]# vi 90-nproc.conf
[root@localhost limits.d]# cat 90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited
paul soft nproc 5000
paul hard nproc 5000
[root@localhost limits.d]# su - paul
[paul@localhost ~]$ ulimit -u
5000
[paul@localhost ~]$ whoami
paul
[paul@localhost ~]$




Nofile :-

lets assume we are going to increase nofile for paul to 5000. Below we can see on how can we do 

[root@localhost limits.d]# cat 90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited
paul soft nproc 5000
paul hard nproc 5000
[root@localhost limits.d]# su - paul
[paul@localhost ~]$ ulimit -n
1024
[paul@localhost ~]$ whoami
paul
[paul@localhost ~]$ exit
logout
[root@localhost limits.d]# vi 90-nproc.conf
[root@localhost limits.d]# cat 90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited
paul soft nproc 5000
paul hard nproc 5000

paul soft nofile 5000
paul hard nofile 5000
[root@localhost limits.d]# su - paul
[paul@localhost ~]$ ulimit -n
5000
[paul@localhost ~]$
[paul@localhost ~]$ whoami
paul
[paul@localhost ~]$




what is the main file which controls the ulimit value for system wide ?

[root@localhost ~]# cat /proc/sys/kernel/threads-max
30006
[root@localhost ~]#
[root@localhost ~]#


Earlier I mentioned that limits.d will overwrite limits.conf file . Below you can see how it works ?


Below you can see ulimit values setup in limits.d file for user "john" and thier is nothing in limits.conf

[root@linuxtechnotes ~]# cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited

john  soft nproc 8000
john  hard nproc 8000
john  soft nofile 8000
john  hard nofile 8000

[root@linuxtechnotes ~]# su - john
[john@linuxtechnotes ~]$ ulimit -n -u
open files                      (-n) 8000
max user processes              (-u) 8000
[john@linuxtechnotes ~]$ cat /etc/security/limits.conf | tail -3
#@student        -       maxlogins       4

# End of file
[john@linuxtechnotes ~]$ whoami
john
[john@linuxtechnotes ~]$ 


Now below you can see i have setup values as 65535 in limits.conf file and 8000 in limits.d file . you can see below on which file wins 


[root@linuxtechnotes ~]# cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited

john  soft nproc 8000
john  hard nproc 8000
john  soft nofile 8000
john  hard nofile 8000

[root@linuxtechnotes ~]# su - john
[john@linuxtechnotes ~]$ ulimit -n -u
open files                      (-n) 8000
max user processes              (-u) 8000
[john@linuxtechnotes ~]$ cat /etc/security/limits.conf | tail -3
#@student        -       maxlogins       4

# End of file
[john@linuxtechnotes ~]$ whoami
john
[john@linuxtechnotes ~]$ exit
logout
[root@linuxtechnotes ~]# vi /etc/security/limits.conf
[root@linuxtechnotes ~]# cat /etc/security/limits.conf | tail -5
# End of file
john soft nofile 65535
john hard nofile 65535
john soft nproc 65535
john hard nproc 65535
[root@linuxtechnotes ~]# su - john
[john@linuxtechnotes ~]$ ulimit -n -u
open files                      (-n) 8000
max user processes              (-u) 8000
[john@linuxtechnotes ~]$ whoami
john

[john@linuxtechnotes ~]$ exit



so as you see above limits.d wins . its means limits.d over writes to limits.conf file . Now Below lets try to remove the values in limits.d file and see which values reflects .


[root@linuxtechnotes ~]# cat /etc/security/limits.conf | tail -5
# End of file
john soft nofile 65535
john hard nofile 65535
john soft nproc 65535
john hard nproc 65535
[root@linuxtechnotes ~]# su - john
[john@linuxtechnotes ~]$ ulimit -n -u
open files                      (-n) 8000
max user processes              (-u) 8000
[john@linuxtechnotes ~]$ whoami
john
[john@linuxtechnotes ~]$ exit
logout
[root@linuxtechnotes ~]# cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited

john  soft nproc 8000
john  hard nproc 8000
john  soft nofile 8000
john  hard nofile 8000

[root@linuxtechnotes ~]# vi /etc/security/limits.d/90-nproc.conf
[root@linuxtechnotes ~]# cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
root       soft    nproc     unlimited


[root@linuxtechnotes ~]# su - john
[john@linuxtechnotes ~]$ ulimit -n -u
open files                      (-n) 65535
max user processes              (-u) 65535
[john@linuxtechnotes ~]$ whoami
john

[john@linuxtechnotes ~]$









No comments:

Post a Comment