Ulimit: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
(Created page with "=Internal= * Linux =Overview= Provides control over the resources available to the shell and to processes started by it, on systems that allow such contr...")
 
 
(26 intermediate revisions by the same user not shown)
Line 5: Line 5:
=Overview=
=Overview=


Provides control over the resources available to the shell and to processes started by it, on systems that allow such control. The -H and -S options specify that the hard or soft limit is set for the given resource. A hard  limit cannot be increased by a non-root user once it is set; a soft limit may be increased up to the value of the hard limit. If neither -H nor -S is specified, both the soft and hard limits are set.  The value of limit can be a number in the unit specified for the resource or one of the special values hard, soft, or unlimited, which stand for the current hard limit, the current soft limit, and no limit, respectively.  If limit is omitted,  the current value of the soft limit of the resource is printed, unless the -H option is given. When more than one resource is specified, the limit name and unit are printed before the value.  
Provides control over the resources available to the shell and to processes started by it, on systems that allow such control.


The hard limit is the upper bound of the property, set by root.  The soft limit is the per-user limit that can be adjusted at run time (using ulimit) up to the hard limit.
=Hard and Soft Limits=


These limits can be set up permanently in /etc/security/limits.conf specifically for the account we want:
The -H and -S options specify that the hard or soft limit is set for the given resource.
{{{
 
<span id="hard_limit"></span>The ''hard limit'' is the upper bound of the property, set by root. A hard  limi' cannot be increased by a non-root user once it is set.
 
<span id="soft_limit"></span>The ''soft limit'' is the per-user limit that can be adjusted at run time (using ulimit) up to the hard limit. A soft limit may be increased by the non-root user up to the value of the hard limit.
 
These limits can be set up for the current shell with <tt>[[#Current_Shell|ulimit]]</tt> or permanently in <tt>[[#.2Fetc.2Fsecurity.2Flimits.conf|/etc/security/limits.conf]]</tt>specifically for the account we want, as shown below:
 
<pre>
jbossusr soft nofile 16384
jbossusr soft nofile 16384
jbossusr hard nofile 16384
jbossusr hard nofile 16384
}}}
</pre>


!!!Options
=Options=


* __-a__     All current limits are reported
* '''-a'''     All current limits are reported
* __-b__    The maximum socket buffer size
* __-c__    The maximum size of core files created
* __-d__    The maximum size of a process' data segment
* __-e__    The maximum scheduling priority ("nice")
* __-f__    The maximum size of files written by the shell and its children
* __-i__    The maximum number of pending signals
* __-l__    The maximum size that may be locked into memory
* __-m__    The maximum resident set size (many systems do not honor this limit)
* __-n__    The maximum number of open file descriptors (most systems do not allow this value to be set)
* __-p__    The pipe size in 512-byte blocks (this may not be set)
* __-q__    The maximum number of bytes in POSIX message queues
* __-r__    The maximum real-time scheduling priority
* __-s__    The maximum stack size
* __-t__    The maximum amount of cpu time in seconds
* __-u__    The maximum number of processes available to a single user
* __-v__    The maximum amount of virtual memory available to the shell
* __-x__    The maximum number of file locks
* __-T__    The maximum number of threads


<pre>
[root@rhel-test ~]# ulimit -a
core file size          (blocks, -c) 0
data seg size          (kbytes, -d) unlimited
scheduling priority            (-e) 0
file size              (blocks, -f) unlimited
pending signals                (-i) 3901
max locked memory      (kbytes, -l) 64
max memory size        (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues    (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time              (seconds, -t) unlimited
max user processes              (-u) 3901
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
</pre>


!!!To Get a Hard Limit for the Value
* '''-b'''    The maximum socket buffer size
* '''-c'''    The maximum size of core files created
* '''-d'''    The maximum size of a process' data segment
* '''-e'''    The maximum scheduling priority ("nice")
* '''-f'''    The maximum size of files written by the shell and its children
* '''-i'''    The maximum number of pending signals
* '''-l'''    The maximum size that may be locked into memory
* '''-m'''    The maximum resident set size (many systems do not honor this limit)
* '''-n'''    The maximum number of open file descriptors (most systems do not allow this value to be set)
* '''-p'''    The pipe size in 512-byte blocks (this may not be set)
* '''-q'''    The maximum number of bytes in POSIX message queues
* '''-r'''    The maximum real-time scheduling priority
* '''-s'''    The maximum stack size
* '''-t'''    The maximum amount of cpu time in seconds
* '''-u'''    The [[Linux_Process_Management_Concepts#Maximum_Number_of_Processes_Available_to_a_Single_User|maximum number of processes available to a single user]]
* '''-v'''    The maximum amount of virtual memory available to the shell
* '''-x'''    The maximum number of file locks
* '''-T'''    The maximum number of threads


{{{
=To Get the Soft Limit of a Value=


    ulimit -Hn
If limit is omitted as <tt>ulimit</tt> argument, the current value of the soft limit of the resource is printed, unless the -H option is given. When more than one resource is specified, the limit name and unit are printed before the value.


}}}
<pre>
ulimit -n
</pre>


!!!To Set A Value
=To Get the Hard Limit for a Value=


!!.bashrc
<pre>
ulimit -Hn
</pre>


Edit the corresponding .bashrc and add the following (for example, for file descriptors) but make sure it's under the hard limit set by root:
=To Set A Value=


{{{
Use <tt>ulimit</tt> or declare the values in <tt>/etc/security/limits.conf</tt>, as described below.


    ulimit -n 2048
When using <tt>ulimit</tt>, if neither -H nor -S is specified, both the soft and hard limits are set. The value of limit can be a number in the unit specified for the resource or one of the special values "hard", "soft", or "unlimited", which stand for the current hard limit, the current soft limit, and no limit, respectively.


}}}
==Current Shell==


!!/etc/security/limits.conf
To change the limit in the current shell, use:


<pre>
ulimit -n <new-hard-and-soft-limit>
</pre>


{{{
The limit set this way does propagate to sub-shells, but it is not persisted, so if you need your change to survive the current shell, you may want to change it in [[#.bashrc|.bashrc]] or <tt>[[#.2Fetc.2Fsecurity.2Flimits.conf|/etc/security/limits.conf]]</tt>:
 
==.bashrc==
 
Edit the corresponding <tt>.bashrc</tt> and add the following (for example, for file descriptors) but make sure it's under the hard limit set by root:
 
<pre>
ulimit -n 2048
</pre>
 
==<tt>/etc/security/limits.conf</tt>==
 
<pre>
jbossusr soft nofile 16384
jbossusr soft nofile 16384
jbossusr hard nofile 16384
jbossusr hard nofile 16384
}}}
</pre>
 


This change does not require a reboot - only that all processes belonging to the user are killed and restarted, so they can use the new value.
This change does not require a reboot - only that all processes belonging to the user are killed and restarted, so they can use the new value.


Note that configuration files in /etc/security/limits.d directory, which are read in alphabetical order, override the settings in this file in case the domain is the same or more specific.
Note that configuration files in <tt>/etc/security/limits.d</tt> directory, which are read in alphabetical order, override the settings in this file in case the domain is the same or more specific.


A good practice would be to modify those files first.
A good practice would be to modify those files first.


For example, the file that controls noproc and overrides /etc/security/limits.conf is /etc/security/limits.d/90-nproc.conf
For example, the file that controls noproc and overrides <tt>/etc/security/limits.conf</tt> is <tt>/etc/security/limits.d/90-nproc.conf</tt>:


{{{
<pre>


*          soft    nproc    1024
*          soft    nproc    1024
root      soft    nproc    unlimited
root      soft    nproc    unlimited


}}}
</pre>
 
__Referenced by:__\\
[{INSERT com.ecyrd.jspwiki.plugin.ReferringPagesPlugin WHERE max=20, maxwidth=50}]

Latest revision as of 20:40, 21 April 2017

Internal

Overview

Provides control over the resources available to the shell and to processes started by it, on systems that allow such control.

Hard and Soft Limits

The -H and -S options specify that the hard or soft limit is set for the given resource.

The hard limit is the upper bound of the property, set by root. A hard limi' cannot be increased by a non-root user once it is set.

The soft limit is the per-user limit that can be adjusted at run time (using ulimit) up to the hard limit. A soft limit may be increased by the non-root user up to the value of the hard limit.

These limits can be set up for the current shell with ulimit or permanently in /etc/security/limits.confspecifically for the account we want, as shown below:

jbossusr soft nofile 16384
jbossusr hard nofile 16384

Options

  • -a All current limits are reported
[root@rhel-test ~]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3901
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 3901
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
  • -b The maximum socket buffer size
  • -c The maximum size of core files created
  • -d The maximum size of a process' data segment
  • -e The maximum scheduling priority ("nice")
  • -f The maximum size of files written by the shell and its children
  • -i The maximum number of pending signals
  • -l The maximum size that may be locked into memory
  • -m The maximum resident set size (many systems do not honor this limit)
  • -n The maximum number of open file descriptors (most systems do not allow this value to be set)
  • -p The pipe size in 512-byte blocks (this may not be set)
  • -q The maximum number of bytes in POSIX message queues
  • -r The maximum real-time scheduling priority
  • -s The maximum stack size
  • -t The maximum amount of cpu time in seconds
  • -u The maximum number of processes available to a single user
  • -v The maximum amount of virtual memory available to the shell
  • -x The maximum number of file locks
  • -T The maximum number of threads

To Get the Soft Limit of a Value

If limit is omitted as ulimit argument, the current value of the soft limit of the resource is printed, unless the -H option is given. When more than one resource is specified, the limit name and unit are printed before the value.

ulimit -n

To Get the Hard Limit for a Value

ulimit -Hn

To Set A Value

Use ulimit or declare the values in /etc/security/limits.conf, as described below.

When using ulimit, if neither -H nor -S is specified, both the soft and hard limits are set. The value of limit can be a number in the unit specified for the resource or one of the special values "hard", "soft", or "unlimited", which stand for the current hard limit, the current soft limit, and no limit, respectively.

Current Shell

To change the limit in the current shell, use:

ulimit -n <new-hard-and-soft-limit>

The limit set this way does propagate to sub-shells, but it is not persisted, so if you need your change to survive the current shell, you may want to change it in .bashrc or /etc/security/limits.conf:

.bashrc

Edit the corresponding .bashrc and add the following (for example, for file descriptors) but make sure it's under the hard limit set by root:

ulimit -n 2048

/etc/security/limits.conf

jbossusr soft nofile 16384
jbossusr hard nofile 16384

This change does not require a reboot - only that all processes belonging to the user are killed and restarted, so they can use the new value.

Note that configuration files in /etc/security/limits.d directory, which are read in alphabetical order, override the settings in this file in case the domain is the same or more specific.

A good practice would be to modify those files first.

For example, the file that controls noproc and overrides /etc/security/limits.conf is /etc/security/limits.d/90-nproc.conf:


*          soft    nproc     1024
root       soft    nproc     unlimited