Results 1 to 8 of 8

Thread: /etc/security/limits.conf can only be deceased and not increased??

  1. #1
    Join Date
    Nov 2021
    Beans
    3

    /etc/security/limits.conf can only be deceased and not increased??

    Hi,

    I'd like to make the below changes to my ubuntu server.

    It seems if I change the /etc/security/limits.conf file to match this it doesn't take affect.

    I can reduce the defaults using the limits.conf but I can't increase them.

    What am I doing wrong here?

    What do I need to change to be able to increase these limits?


    Parameter Description Setting
    nofile The number of files the host OS can keep open at once. 65536
    nproc The number of processes the OS can run simultaneously. 65536
    memlock (soft) The maximum locked-in address space a particular user can allocate. Once allocated, the pages stay in physical memory, which speeds up operations on the ledger database. The soft limit applies to the owner of the process, which will be radixdlt in our case. unlimited
    memlock (hard) The maximum locked-in address space that can allocated on the OS as a whole. This value can only be set by the root user. Any soft memlock cannot exceed the value of the hard memlock. unlimited

  2. #2
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,101
    Distro
    Ubuntu Development Release

    Re: /etc/security/limits.conf can only be deceased and not increased??

    It is not clear what you are doing wrong. Post your /etc/security/limits.conf file.
    Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.

  3. #3
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: /etc/security/limits.conf can only be deceased and not increased??

    Doug S is right in that no one has any idea what your limits.conf file looks like to see if you might have syntax errors or anything commented out...

    And: Are you rebooting the server after you change the limits.conf file to pick up the changes?

    I'm thinking that your file probably looks something similar to (but just guessing what yours looks like):
    Code:
    #/etc/security/limits.conf
    #
    # Notes:
    #   - Restart Server for limits to take effect...
    #   - Using a high number (greater than ~20000) for soft and hard nproc may cause 
    #     system instability and hangs on Centos 7, though not on Ubuntu 18, 19, and 20.
    #   - Check current limits: cat /proc/PID/limits
    #
    #<domain>      <type>  <item>         <value>
    #
    root           hard    nofile         65536
    root           hard    nproc          65536
    radixdlt       soft    memlock        unlimited
    root           hard    memlock        unlimited
    
    # End of file
    I have used 'unlimited" to stress test servers and see just where they fail/crash...
    Code:
    # /etc/security/limits.conf
    # To Stress Test Servers
    # Check limits:
    #    cat /proc/PID/limits
    
    *        -      core         unlimited
    root     -      core         unlimited
    *        -      data         unlimited
    root     -      data         unlimited
    *        -      fsize        unlimited
    root     -      fsize        unlimited
    *        -      memlock      unlimited
    root     -      memlock      unlimited
    *        -      nofile       1048576
    root     -      nofile       1048576
    *        -      rss          unlimited
    root     -      rss          unlimited
    *        -      stack        unlimited
    root     -      stack        unlimited
    *        -      cpu          unlimited
    root     -      cpu          unlimited
    *        -      nproc        unlimited
    root     -      nproc        unlimited
    *        -      as           unlimited
    root     -      as           unlimited
    *        -      maxlogins    unlimited
    root     -      maxlogins    unlimited
    *        -      maxsyslogins unlimited
    root     -      maxsyslogins unlimited
    *        -      locks        unlimited
    root     -      locks        unlimited
    *        -      sigpending   unlimited
    root     -      sigpending   unlimited
    *        -      msgqueue     unlimited
    root     -      msgqueue     unlimited
    
    # End Of File
    Then verify as logged in as a specific user also with
    Code:
    ulimit -Sa
    ulimit -Ha
    and test with this recursive function
    Code:
    :(){ :|:& };:
    Last edited by MAFoElffen; November 13th, 2021 at 06:26 AM.

    Concurrent coexistance of Windows, Linux and UNIX...
    Ubuntu user # 33563, Linux user # 533637
    Sticky: [all variants] Graphics Resolution- Upgrade /Blank Screen after reboot
    UbuntuForums system-info Script

  4. #4
    Join Date
    Nov 2021
    Beans
    3

    Re: /etc/security/limits.conf can only be deceased and not increased??

    Actually it looks like just the hard limit is changing. Just testing on another machine with the phil user and only trying to change the nofile parameter. I get the following.

    Code:
    #/etc/security/limits.conf
    #
    #Each line describes a limit for a user in the form:
    #
    #<domain> <type> <item> <value>
    #
    root hard nofile 2048
    root soft nofile 2048
    phil - nofile 65536
    
    # End of file
    Code:
    ulimit -Sa
    
    
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 30756
    max locked memory       (kbytes, -l) 65536
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 1024
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 30756
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited
    Code:
    ulimit -Ha
    
    core file size          (blocks, -c) unlimited
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 30756
    max locked memory       (kbytes, -l) 65536
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 65536
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) unlimited
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 30756
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited

    Is there something I need to do to enforce the change to the soft limits as well?

  5. #5
    Join Date
    Nov 2021
    Beans
    3

    Re: /etc/security/limits.conf can only be deceased and not increased??

    I'm not sure if there was a type of something somewhere but I managed to get everything working as expected now. Thanks for your help.

  6. #6
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: /etc/security/limits.conf can only be deceased and not increased??

    Just another "factor" to consider...

    If you expect a user or group to get a certain limit, and and they were restricted at less than you expected... It is first come. first serve. ...and... If a value is not valid, it will be ignored.

    On getting a lower limit, or being restricted at a lower level than expected... The promise, if valid is: If an entities limit value is high, they can "possibly" get up to that limit "in a perfect world." But that world, that slice of the pie, is effected by what it left from current users, groups and the OS (root) in that point of time. They can only possibly have a slice (access) to what is "left" of the pie.
    Is there something I need to do to enforce the change to the soft limits as well?
    On soft and hard limits... Hard limits are "Here is the boundary." Soft limits are somewhat like "suggestions" You said "enforce..." But soft limits can be temporarily changed by a non-root user or application up to the limit of the hard limit.
    The getrlimit and setrlimit system calls allow a process to read and set limits on the system resources that it can consume. ... The soft limit may never exceed the hard limit, and only processes with superuser privilege may change the hard limit...
    But most user's do not know that they can or how to adjust those soft limits on their own, so...

    ***
    So this is solved for you now?

    Concurrent coexistance of Windows, Linux and UNIX...
    Ubuntu user # 33563, Linux user # 533637
    Sticky: [all variants] Graphics Resolution- Upgrade /Blank Screen after reboot
    UbuntuForums system-info Script

  7. #7
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: /etc/security/limits.conf can only be deceased and not increased??

    Please use the "thread tools" button and mark this thread as SOLVED to help community members not waste time.

  8. #8
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    1,574
    Distro
    Ubuntu 20.04 Focal Fossa

    Lightbulb Re: /etc/security/limits.conf can only be deceased and not increased??

    Quote Originally Posted by philpug View Post
    Hi,

    I'd like to make the below changes to my ubuntu server.

    It seems if I change the /etc/security/limits.conf file to match this it doesn't take affect.

    I can reduce the defaults using the limits.conf but I can't increase them.

    What am I doing wrong here?

    What do I need to change to be able to increase these limits?


    Parameter Description Setting
    nofile The number of files the host OS can keep open at once. 65536
    nproc The number of processes the OS can run simultaneously. 65536
    memlock (soft) The maximum locked-in address space a particular user can allocate. Once allocated, the pages stay in physical memory, which speeds up operations on the ledger database. The soft limit applies to the owner of the process, which will be radixdlt in our case. unlimited
    memlock (hard) The maximum locked-in address space that can allocated on the OS as a whole. This value can only be set by the root user. Any soft memlock cannot exceed the value of the hard memlock. unlimited
    Rather than make changes system-wide, you could apply them to a specific process. For example, I run a game server that touches a LOT of files due to how they designed their file system (lose files instead of packed file) so most tutorial talk about modifying the limits of the entire system.

    However, I run the engine as a systemd service and as such, I specified the limit inside the systemd configuration which worked perfectly.

    Example: /lib/systemd/system/arkservice\@.service

    Code:
    [Unit]
    Description=ARK: %i
    Wants=network-online.target
    After=syslog.target network.target nss-lookup.target network-online.target
    [Service]
    Type=simple
    Restart=on-failure
    RestartSec=30
    StartLimitInterval=180s
    StartLimitBurst=3
    KillMode=control-group
    KillSignal=SIGQUIT
    SendSIGHUP=no
    SendSIGKILL=yes
    FinalKillSignal=SIGKILL
    RuntimeMaxSec=infinity
    LimitNOFILE=100000
    #ExecStartPre=/opt/ark/scripts/game-sync-1.sh %i
    TimeoutStartSec=180
    ExecStart=/opt/ark/scripts/game-start.sh %i
    ExecReload=
    TimeoutStopSec=120
    ExecStop=/opt/ark/scripts/game-stop.sh %i
    User=arkservice
    Group=arkserver
    [Install]
    WantedBy=multi-user.target
    LHammonds

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •