ulimit Changes for File nofiles

SUSE Linux Enterprise Server SLES Configure-Administer
1

I’m really struggling to figure this out. I’m having a similar issues
that was posted to this ‘thread’
(http://forums.novell.com/suse/suse-product-discussion-forums/suse-linux-enterprise/suse-linux-enterprise-server-sles/sles-configure-administer/418730-ulimit-changes-work-su-but-ignored-login.html)
but I don’t see a solution to the problem.

I’m trying to increase the hard and soft limits for the oracle user by
specifying them in /etc/security/limits.conf

oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 4096
oracle hard nofile 65536
oracle soft stack 10240

All the limits are being applied correctly except the nofile limits.

If I log in as that user, either with a new session or “su - oracle”
the nofile limit is 1024 and can’t be adjusted any higher. However, if I
just “su oracle” from the root user the nofile limits are what is
specified in the file.

From what I can gather I need to have the “session require
pam_limits.so” specified in /etc/pam.d/login but as far as I can tell it
is included via the “session include common-session” line.

Any one else have this problem or know of a solution?


derekmceachern

derekmceachern’s Profile: http://forums.novell.com/member.php?userid=121489
View this thread: http://forums.novell.com/showthread.php?t=449813

2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Are you sure there is not something in the ‘oracle’ user’s profile or
login scripts resetting it again to some smaller value? The difference
between ‘su’ on its own and the options that fail as you described them
is that the other options reset the environment completely where ‘su’ on
its own does not so you are actually inheriting the previous user’s
settings (and the previous user may not have any bash/profile scripts
setting things down to 1024).

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO77HHAAoJEF+XTK08PnB5nXYQAIbz71CiQ0q+Izb+Vib2v8kR
jAvpJa3Z6Pzrz8jwTbx8ar7aPo2Fbruigph3xsAa3iHVXUWcLRTKHKQXqZdJsuBj
O+r8uK4BbHq7FrzrNcMLDMWQHcBtTSworvrG1SXiC23D1ntTjYOFjyfUpPAP18sE
5FeXEja2Lg/ZhiYbHzZVdca5IHXXbcX7CFpsjkOJThzVNqfkEXDBYU3S6KNi3aVZ
jqLDeq6RisSSCP71RgjWOUuxbmC+Xgk0UixHosLRJRLOh2wnF4G1PSdm0mtnODsO
qtUAolOHDebhXKvTyyNE+onF8tK06EvK3jqIwDbaxqSOGFRse+qwLWLx5MqD25x6
va40ZUXFMcLPc6PNqNSsSDN0aciE9MNcRr+G1Hwfd0e0WqylRgtJkiogy2dOWW2K
IFydLEj1ur7a6Dw6E57Ncnqu9QTfnt8UB3UHjaD1HofQpJKVlaH52Ay5br1um2wj
tfhyC3yGhYC1Z7aPinj4HqrY0ia9uUral5w31JMlXMWhjXPgmtXohMQDKDvqTDEx
cPl92jmammCd+T4TmRduxt3ZatzG7fVU7PZlSCb3V7r7Ii/V0LRTw/Y25sNV+bPJ
kj9EhEgJtBdcdWwGNYMnwYKtPRtIRmj2AK7CdR4s+4dQo36TXvuiSV5kn+kpER56
HuaFFqoGICVSSwEKtQSH
=/fh6
-----END PGP SIGNATURE-----

3

That’s really strange.

Your right, there is a limit set in oracle users profile, it’s a ksh
shell and it does a

ulimit -n 1024

However, if I try and change the limit using the ulimit command it
fails.

(oracle) $ ulimit -Sn 2048
-ksh: ulimit: 2048: limit exceeded [Invalid argument]

If I remove the ulimit in the .kshrc it gets set correctly and I’m able
to change it.

I guess I don’t understand the mechanism here on why the .kshrc ulimit
is taking precedence and preventing it from being modified after login.


derekmceachern

derekmceachern’s Profile: http://forums.novell.com/member.php?userid=121489
View this thread: http://forums.novell.com/showthread.php?t=449813

4

RTFM :slight_smile: From ulimit(2)

The -H and -S flags specify whether the hard limit or the
soft limit for the given resource is set. A hard limit can-
not be increased once it is set. A soft limit can be
increased up to the value of the hard limit. If neither the
-H or -S options is specified, the limit applies to both.

That would explain why I can’t change the hard limit after it’s been
set.


derekmceachern

derekmceachern’s Profile: http://forums.novell.com/member.php?userid=121489
View this thread: http://forums.novell.com/showthread.php?t=449813

5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exactly. If a hard limit could be increased at runtime by the user
themselves it’d hardly be a limit. :slight_smile:

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO8AraAAoJEF+XTK08PnB5QYUP/1cF30IQxMtCILD28Yi9GDF/
IMqJMohYJ6Ay0VrDKBW6mmYuHm4EJPRevUu9yEjEShzh8rRDoHhXOHWItlf8mUTc
ukBkxHQeR48nJjFANYlFrkq378xDzpX3eQHQh0D21unGZ5Xp4Dn/S/zcxyiyz/eb
yBJUEBbiQWiOFV+Om0iEDwX1XuHGMlHaIceGOOWytMKGLa5UODBDFvWqcPGb0ixv
/vIv32uJF942QCLt9wVmf54qrgnDiCbLqkF+eG4LbpTYZO53jzlyLmQHbkHxWROC
RmqcYbRWH1sGM+AsrYczHPX7KNOynvVCjkWrNxi1qN8bMVW9T9BIHCs+21fGNv5p
/xmfh2aHhT53cOxllCRRe0P5+9554TtWoyRHDs2NTX9Ehi93Vt55Gj3xvdjMHenj
vn4/2idtylIx2TMPKYmGS9wLBcmbqqoqFcuMTmXNpjE5hTojQE9kOofSV1XmQATo
sdmtugof6TKw9/yfwwanSLAk2/kY1AkaPQ9qBxHyCMegViXYRX9NpwJCYsTAt/bO
g3ifpHHiHCwO6DHwiWzeOJn+voc5ukB9tJhLSHtIUUlOhz6AGxefSmJAg44GLArH
IuNLssuGMa4O5Wr+64OXId8J88wiFqWev8pB+3RN6zps2JPQy8hSyg6vI1ruPDdv
d9dZxuJGbVIL5v0TW0Q1
=6MFt
-----END PGP SIGNATURE-----

6

But to my way of thinking they should be able to increase the hard limit
to what the system has defined as the hard limit for that user.

I have a system defined limit of 4096 defined in
/etc/security/limits.conf.

User sets hard limit in profile to 1024.

I would expect them to be able to adjust the hard limit up to 4096 but
not beyond.

Either way, I now understand the behaviour and can make it work like I
need.


derekmceachern

derekmceachern’s Profile: http://forums.novell.com/member.php?userid=121489
View this thread: http://forums.novell.com/showthread.php?t=449813

7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, you understand it correctly. The problem is that Oracle apparently
does not understand and instead of setting a soft limit (which you could
then control as you tried to do) they set a hard limit, with the
‘oracle’ user, thus locking you out from making your own changes after
the fact. Silly, but oh well.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO8LKYAAoJEF+XTK08PnB5WUkP/1j5RyWKMXGLCjYOMPfuTh0y
VzmYk03MbDJMu3Im5JqQkXyj143X+r48moEdBCS4sgT7K3SKM90tuzQm6rhUoRXj
lID3ol3QISk8e1LKkhHQYdlIMBBvEMJY/BJ5YOMNr2SmibwCNyUv0SAJnK+VOd4N
dknEN+bHedWNSICaXhcFH+PaYNxC+BxF9h28roQgKTvP4JQYbjNz+pGHrkdzDJPD
6j8tFzz+/0DFfwU4AMFhWJgqJbbkrlPksknW2ePz3jXw/o73vnLJWsRR+8TILwtU
cqCwXuXZZcFGDWQf3VxJqgF1b2HAmji9Vvm13wSgGJNhjJshtwg4S4Re8xcTirtv
hdtEzsHT1f/LLIvwjVbZZL+paOO+vic0PFpkZTXvUSWH4KldXq4G60t25X4q6uVU
a2031bvPpj2Vf2AIru3kzpHjdltt9nV92+zmthViq2U/kiKNRY6peoXGmRs7ynic
oQkghH8buGXRgwPpbPk1DK0394Vl1xnvZoXfG4om2JQAYw4fSnkB9STgvkfhSI9V
mg5MFpaQCKEZsGEGRmhh+pR5IDNpkri+pBkJydsj+v+tKA7R6gSKh6RetWcgDsZZ
s+KekEOTdMLVZEb8SDquXBaaZ1y1y8h75bX8FtdsosiQKFwCKceazWrYSvJKWNGk
0ieLpgWNx4OTg07EvDlM
=TgXC
-----END PGP SIGNATURE-----

8

Hey, I have a similar problem.

I can´t set the ulimit to 65536 for user root.

I setup /etc/security/limits.conf
root hard nofile 65536
But ulimit -n is keeps showing 1024

Where is 1024 being set - how can I change it ?

Entries for oracle users are working fine with the configure limits.conf

chris