Ulimit file descriptor limits not being applied for particular process
I recently checked one of our redis processes to what ulimits where applied using:
cat /proc/<redis-pid>/limits
And was suprised to learn that is was at the low default value:
Limit Soft Limit Hard Limit
Max open files 4016 4016
I was suprised, because we have the following configured:
# /etc/sysctl.conf
fs.file-max = 100000
.
# /etc/security/limits.conf
* soft nofile 100000
* hard nofile 100000
.
# /etc/ssh/sshd_config
UsePAM yes
.
# /etc/pam.d/sshd
session required pam_limits.so
Can anyone tell me why the increased ulimit is not being applied to the running redis process?
The redis process is running as the user 'redis', the server has been rebooted since the limits were increased. We are on Debian Squeeze.
In Linux resource limits can be set in various locations based on the type of requirement.
-
/etc/security/limits.conffile. -
/etc/sysctl.conffile. -
ulimitcommand
/etc/security/limits.conf is part of pam_limits and so the limits that are set in this file is read by pam_limits module during login sessions. The login session can be by ssh or through terminal. And pam_limits will not affect the daemon processes as mentioned here.
/etc/sysctl.conf is a system wide global configuration, we cannot set user specific configuration here. It sets the maximum amount of resource that can be used by all users/processes put to gether.
ulimit command is used to set the limits of the shell. And so when a limit is set with ulimit on a shell, the process which gets spawned from the shell gets that value too because of the rule that the child process inherits the parent processes properties.
And so for your case, as the redis is started as part of init none of the above will help you directly. The proper way of doing this is that, you have to use the ulimit command to set the new value in the init script itself. Like below in the script,
ulimit -n 100000
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS.
There is already a bug filed in wishlist to add ulimit feature to start-stop-daemon
.
Also check in redis configuration if there is any way of providing limits there.
The sysctl fs.file-max parameter is wide global system limit, i don't think is a good idea setting in ulimit the same value.
If you set in ulimit 100000 and in sysctl.conf 100000 too, one user can block the system
Any way, talking about your problem, you neet to be sure, your system use pam_limits
man pam_limits
grep -i limit /etc/pam.d/*
You've enabled pam_limits for sshd, but is this command being executed from an SSH session? You may need to add the same line to /etc/pam.d/login and/or /etc/pam.d/su and/or /etc/pam.d/sudo.