can't log in when nofile is set to unlimited in /etc/security/limits.conf

centos ulimit

I set the following values (-1 will be resolved to unlimited, I suppose) in /etc/security/limits.conf (CentOS 6.2)

root nofile soft -1

root nofile hard -1

and I can't log in with root user now. Similar to the issue described here. Setting the value back would resolve the issue.

Can anyone help to explain this ?

Updates:

Thanks guys. I memorize my settings incorrectly. Those values should be

root soft nofile -1
root hard nofile -1

As @Michael Hampton told you, your syntax is wrong, but anyway i don't think is good idea to set the file limit to unlimited

You can read this post for more information https://stackoverflow.com/questions/1212925/on-linux-set-maximum-open-files-to-unlimited-possible

I downloaded the kernel version linux-2.6.32.61 and i saw this from kernel/sys.c:

 SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
 {
    struct rlimit new_rlim, *old_rlim;
    int retval;

    if (resource >= RLIM_NLIMITS)
            return -EINVAL;
    if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
            return -EFAULT;
    if (new_rlim.rlim_cur > new_rlim.rlim_max)
            return -EINVAL;
    old_rlim = current->signal->rlim + resource;
    if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
        !capable(CAP_SYS_RESOURCE))
            return -EPERM;
    if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
            return -EPERM;

from man proc

The kernel constant NR_OPEN imposes an upper limit on the value that may be placed in 
file-max.

from ./fs/file.c:

./fs/file.c:30:int sysctl_nr_open __read_mostly = 1024*1024;
echo $((1024*1024))
1048576

why you need more files than nr_open?

i did a test using your limits.conf settings:

/etc/pam.d/su:

 egrep -v "^#|^$" /etc/pam.d/su
 auth       sufficient pam_rootok.so
 session       required   pam_env.so readenv=1
 session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 session    optional   pam_mail.so nopen
 session    required   pam_limits.so 
 @include common-auth
 @include common-account
 @include common-session

Now i'll to switch to user root using su command:

root@ubuntu:~# strace -e setrlimit su - root
setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}) = -1 EPERM (Operationnot permitted)

You've reversed the second and third fields.

It should read instead:

root soft nofile -1
root hard nofile -1

Related

Why are many DNS servers not returning the namservers for my domain correctly?
On a freshly-rebooted server why would the CPU running time of processes be huge?
How do I build and configure a local CPAN module repo?
.htaccess Redirect 301 with trailing slash adds trailing slash to destination
iptables drops some packets on port 80 and i don't know the cause
Should I specify the SRV record "_jabber._tcp"?
Bonding with 2 NIC's and 2 reserves?
Must the authoritative DNS server for a domain allow recursion to allow CNAME records pointing to other domains?
Overriding Parameters in Previously Declared Puppet Resource
How does the barbarian "revenge" skill work?
Where to find the Old Keepsake Box?
What are the extra icons that sometimes show up on Okami HUD during combat?