Where are the default ulimit values set? (Linux, CentOS)

Solution 1:

These "default" limits are applied by:

  • the Linux kernel at boot time (to the init or systemd process),
  • inheritance, from the parent process' limits (at fork(2) time),
  • PAM when the user session is opened (can replace kernel/inherited values),
  • systemd, especially to the processes it manages,
  • the process itself (can replace PAM & kernel/inherited values, see setrlimit(2)).

Normal users' processes cannot raise hard limits.

The Linux kernel

At boot time, Linux sets default limits to the init (or systemd) process, which are then inherited by all the other (children) processes. To see these limits: cat /proc/1/limits.

For example, the kernel default for maximum number of file descriptors (ulimit -n) was 1024/1024 (soft, hard), and has been raised to 1024/4096 in Linux 2.6.39.

The default maximum number of processes you're talking about is limited to approximately:

Total RAM in kB / 128

for x86 architectures (at least), but distributions sometimes change default kernel values, so check your kernel source code for kernel/fork.c, fork_init(). The "number of processes" limit is called RLIMIT_NPROC there.

PAM

Usually, to ensure user authentication at login, PAM is used along with some modules (see /etc/pam.d/login).

On Debian, the PAM module responsible for setting limits is here: /lib/security/pam_limits.so.

This library will read its configuration from /etc/security/limits.conf and /etc/security/limits.d/*.conf, but even if those files are empty, pam_limits.so might use hardcoded values that you can check within the source code.

For example, on Debian, the library has been patched so that by default, the maximum number of processes (nproc) is unlimited, and the maximum number of files (nofile) is 1024/1024:

  case RLIMIT_NOFILE:
      pl->limits[i].limit.rlim_cur = 1024;
      pl->limits[i].limit.rlim_max = 1024;

So, check your CentOS' PAM module source code (look for RLIMIT_NPROC).

However, please note that many processes will not go through PAM (usually, if they are not launched by a logged-in user, like daemons and maybe cron jobs).

systemd

Nowadays, systemd is widely used; it replaces init and can also configure specific limit values, especially for the processes/daemons it manages and creates itself.

Some limits it uses by default can be manually configured in /etc/systemd/system.conf. There is more information available in the documentation.
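
An added example, not part of the original answer: a small parser for the /proc/<pid>/limits format that compares a process's limits with those of PID 1, so any limit that was not simply inherited (and was therefore set by PAM, systemd or the process itself) stands out. The sample tables are constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed samples in /proc/<pid>/limits format (illustrative values, not captured output).
SAMPLE_INIT = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             15421                15421                processes
Max open files            1024                 4096                 files
Max nice priority         0                    0
"""
SAMPLE_SESSION = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             1024                 15421                processes
Max open files            1024                 4096                 files
Max nice priority         0                    0
"""

# Every data row starts with "Max "; the Units column may be empty.
ROW = re.compile(r"^(Max .+?)\s{2,}(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_limits(text):
    """Return {name: (soft, hard)}; 'unlimited' becomes None."""
    to_num = lambda v: None if v == "unlimited" else int(v)
    limits = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            limits[m.group(1)] = (to_num(m.group(2)), to_num(m.group(3)))
    return limits

def changed_limits(init_text, proc_text):
    """Limits whose (soft, hard) pair differs from PID 1's, i.e. not plain inheritance."""
    base, cur = parse_limits(init_text), parse_limits(proc_text)
    return {k: (base.get(k), v) for k, v in cur.items() if base.get(k) != v}

def read_limits(pid):
    with open(f"/proc/{pid}/limits") as f:
        return f.read()

if __name__ == "__main__":
    try:
        diff = changed_limits(read_limits(1), read_limits("self"))
    except OSError:  # no readable procfs: fall back to the constructed samples
        diff = changed_limits(SAMPLE_INIT, SAMPLE_SESSION)
    for name, (was, now) in sorted(diff.items()):
        print(f"{name}: PID 1 {was} -> this process {now}")
```

Run from a login shell and again from a daemon or cron job, the differences show which processes went through PAM and which kept the inherited values.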

Solution 2:

On RHEL6 (CentOS6) "max user processes" is set to 1024 by default.
You can change this value in the file:

/etc/security/limits.d/90-nproc.conf

See https://bugzilla.redhat.com/show_bug.cgi?id=432903 if you'd like to complain about it :)