Limits.conf won't work

Support for security such as Firewalls and securing linux
Post Reply
Tom_28
Posts: 6
Joined: 2011/10/18 14:17:53

Limits.conf won't work

Post by Tom_28 » 2012/01/24 12:43:19

Hi

Can you please help me to fix a problem?
I need to set 'max user process' to unlimited.

I added the the following lines in file /etc/security/limits.conf with user root:

* hard nproc unlimited
* soft nproc unlimited

But it won't work.

ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) unlimited
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 1024
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited


Just when I write the lines with user, it works fine:

root hard nproc 65535
root soft nproc 20

For a second solution I made a bash script called init.sh with the following lines and started it with the kernel parameter init=/pathtofile/inti.sh on startup...

#!/bin/bash
# max user processes
ulimit -u unlimited
ulimit -H -u unlimited

But it changes nothing....

Can you please help me...

Thanks
Thomas

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Limits.conf won't work

Post by TrevorH » 2012/01/24 17:58:41

I can confirm that it doesn't work yet the manpage for limits.conf does not say that it will not. I did find a bypass

[code]
500:65535 - nproc unlimited
[/code]

where the number range is the uid numbers to apply to.

Tom_28
Posts: 6
Joined: 2011/10/18 14:17:53

Re: Limits.conf won't work

Post by Tom_28 » 2012/01/25 08:40:53

ok, thanks for your answer.

But why does my bash script won't work?

#!/bin/bash
# max user processes
ulimit -u unlimited
ulimit -H -u unlimited

Thomas

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Limits.conf won't work

Post by TrevorH » 2012/01/25 09:09:08

Because only root can change the number of processes a non-root user may use?

Tom_28
Posts: 6
Joined: 2011/10/18 14:17:53

Re: Limits.conf won't work

Post by Tom_28 » 2012/01/25 10:00:13

Hi, i'm logged with user root when I execute this script.....

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Limits.conf won't work

Post by TrevorH » 2012/01/25 12:36:22

Well then it's working... just not in the way that you think it should :-) Your script runs as a sub-shell and invokes a new copy of bash, you change the limits for that script and they take effect then the sub-shell ends and the parent shows you the original values when you run `ulimit -a`.

Tom_28
Posts: 6
Joined: 2011/10/18 14:17:53

Re: Limits.conf won't work

Post by Tom_28 » 2012/01/25 13:46:27

Ah ok, thanks for your answer.
Thomas

User avatar
toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Limits.conf won't work

Post by toracat » 2012/05/18 21:13:48

A CentOS user tupari filed a BZ report upstream [url=https://bugzilla.redhat.com/show_bug.cgi?id=823030]here[/url]. And it was almost instantly closed with the following answer:

[quote]
That's because the default values set with the * entry is overriden in the
limits.d/90-nproc.conf file. You have to edit the default entry there.
[/quote]

The /etc/security/limits.d/90-nproc.conf file has this:

[quote]
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

* soft nproc 1024[/quote]

Post Reply