ulimit -n not changing - values limits.conf has no effect
I am trying to raise the open file descriptor maximum for all users on an ubuntu machine.
This question is somewhat of a follow up to this question.
open file descriptor limits.conf setting isn't read by ulimit even when pam_limits.so is required
except that i've added the required "root" entries in limits.conf
Here are the entries
* soft nofile 100000
* hard nofile 100000
root soft nofile 100000
root hard nofile 100000
Lines related to pam_limits.so have been un-commented in all relevant files in /etc/pam.d/ and fs.file-max has been set correctly in /etc/sysctl.conf
However, I still see
abc@machine-2:/etc/pam.d$ ulimit -n
1024
after reboot.
What could be the problem?
My default shell is /bin/sh and i can't use chsh to change my default shell since the my user on the machine is authenticated via some distributed authentication scheme.
I had a similar problem, but with SSH logins only. Local logins (via console) respected the /etc/security/limits.conf.
As it turned out, when you set:
UsePrivilegeSeparation yes
in /etc/ssh/sshd_config file, then sshd forks an unprivileged child to set up the account's env. Because this child is unprivileged, then pam_limits.so setting upper limits had no effect.
As soon as I set
UsePrivilegeSeparation no
in /etc/ssh/sshd_config and bounced the SSH service, then the limits.conf file were respected with SSH logins.
On Redhat server logged as root
/etc/security/limits.conf
user01 - nofile 2048
strace command logged as root
strace -o loglimit su - user01
with other shell open loglimit
grep "limit" loglimit
open("/lib64/security/pam_limits.so", O_RDONLY) = 6
..........
..........
open("/etc/security/limits.conf", O_RDONLY) = 3
read(3, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 1823
open("/etc/security/limits.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 3
setrlimit(RLIMIT_NOFILE, {rlim_cur=2*1024, rlim_max=2*1024}) = 0
In this way I know that, pam_limits was loaded and limits.conf was readed, if your pam_limits was loaded but you still see other values using ulimit -n, check your shell profile as @etherfish told
I suspect the ulimit is being applied by a /etc/profile or a ~/.bashrc. The fact that your system has a complicated pam, I would confirm that something isn't going awry.
I'd also confirm that there isn't an errant file in /etc/security/limits.d/ being parsed as mentioned in pam_limits(8).
I'd add debug parameter to the session required pam_limits.conf line and then watch /var/log/auth.log as you log in.
If your soft limit is 1024, whats your hard limit?
su should get you a fresh, new log in with su using the -l argument.
su -l -s /bin/bash
Good Luck.
I was with a issue like this, here what I did.
The strace command will print all interactions the process are doing with external libraries, so with it we can see if our config is loaded or not.
So, i do, like suggested above:
root:/etc/pam.d$ strace -o ~/loglimit su - glaudiston
glaudiston:~$ exit
logout
root:/etc/pam.d$ cat ~/loglimit | grep limits.conf
In my issue, the strace log (strace -o log su - username) does not have any instance of limits text, so the file limits.conf was NOT loaded.
First I make sure the pam_limits.so looks for /etc/security/limits.conf
root:/etc/pam.d$ strings /lib/security/pam_limits.so | grep limits.conf
/etc/security/limits.conf
So, I make sure that the module pam_limits.so is loaded in auth operation in files located at /etc/pam.d ... for example, in /etc/pam.d/su, I added:
session required pam_limits.so
Now, I can make a "su" to my user and the limits will be loaded. You can redo the strace step to make it sure.
My linux is a LFS, so is my fault the absense of pam_limits.so in /etc/pam.d files. In other distros I don't think to be this exact issue.
But hope this helps.
In my case (Centos 6.10) strace showed that after limit was set from /etc/security/limits.conf later on in the login process it was reset from /etc/security/limits.d/90-nproc.conf for all non-root users:
* soft nproc 1024
root soft nproc unlimited