Changes to /etc/security/limits.conf and /etc/security/limits.d/20-nproc.conf have no effect

Solution 1

The error might occur for many reasons.

First of all, use the following command to display the maximum number of open file descriptors:

$ cat /proc/sys/fs/file-max

Let's pretend the output was 4096. What does it mean? It means a normal user can have 4096 files open in a single login session. You can also display it by checking its hard and soft limits with the following commands:

$ ulimit -Hn
$ ulimit -Sn

The number of concurrently open file descriptors throughout the system can be changed by editing /etc/sysctl.conf. You can increase the maximum number of open files by setting the system-wide file descriptor limit to a new value in the kernel variable /proc/sys/fs/file-max as follows:

$ sysctl -w fs.file-max=200000     # forces the limit to 200000 files

Then you should edit the /etc/sysctl.conf file so that the setting remains as you wished after a reboot. To do so, add the following line:

fs.file-max = 200000

No need to log out and log back in again, just type:

$ sysctl -p

Then you can verify changes by:

$ cat /proc/sys/fs/file-max

OR

$ sysctl fs.file-max

Then, to change the soft and hard limits for users, it's better to log in as root, since a normal user can only change its soft limit; hard limits are managed by root. As you've mentioned, to do it as root you should change the user-level file descriptor (FD) limit in /etc/security/limits.conf. For instance, if it's for the oracle user:

oracle           soft    nofile          4096
oracle           hard    nofile          63536

To see the changes you do not need to reboot; just log in again via sudo -i and check whether it works, so you can find out what the problem is. For users without a login, do the following as root:

$ sudo -i -u <user>

BTW, you may need to edit the /etc/pam.d/login file and add the following line:

session required pam_limits.so

pam_limits.so in /etc/pam.d/login means the limits are applied at login time but not on sudo, while with it in /etc/pam.d/sudo the limits will also be applied when running sudo without "-i". You may also need to apply the above changes in /etc/pam.d/system-auth, depending on your needs. I recommend you read about PAM modules.

BTW, to apply limits instantly to currently running processes, do the following in addition to changing /etc/security/limits.conf:

$ prlimit

I recommend you read this article from Red Hat, since you may run into the following:

On some Linux systems setting "hard" and "soft" limits in the following examples might not work properly when you log in as user oracle via SSH. It might work if you log in as root and su to oracle. If you have this problem try to set UsePrivilegeSeparation to "no" in /etc/ssh/sshd_config and restart the SSH daemon by executing service sshd restart. The privilege separation does not work properly with PAM on some Linux systems. Make sure to talk to the people in charge of security before disabling the SSH security feature "Privilege Separation".

I hope I could help. Good luck.

Solution 2

You may need to check the profile of someuser. When someuser logs in, the profile can change its ulimit. Files to check: /etc/profile, /etc/bashrc, ~someuser/.bash_profile, ~someuser/.bashrc
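
The checks from both solutions (does a PAM service actually load pam_limits.so, and does a shell startup file reset the limit) collected into one small diagnostic. This is an added example, not part of either answer; the function names, the include-following logic and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added diagnostic example (not from the original answers). Paths are arguments
# so the checks can be run against copies of the real files.

# 1. Soft and hard "Max open files" of a process, from a /proc/<pid>/limits file.
nofile_from_limits() {
    awk '/^Max open files/ { print $4, $5 }' "${1:-/proc/self/limits}"
}

# 2. Succeeds if a PAM service loads pam_limits.so on a session line, directly
#    or through include/substack/@include. $1 = pam.d directory, $2 = service.
pam_limits_enabled() {
    [ -r "$1/$2" ] || return 1
    grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_limits\.so' "$1/$2" && return 0
    for inc in $(awk '$1 ~ /^-?session$/ && ($2 == "include" || $2 == "substack") { print $3 }
                      $1 == "@include" { print $2 }' "$1/$2"); do
        pam_limits_enabled "$1" "$inc" && return 0
    done
    return 1
}

# 3. Print file:line:text for each uncommented ulimit call in the given shell
#    startup files (comment stripping is naive: everything after '#' is dropped).
find_ulimit_overrides() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '{ s = " " $0; sub(/#.*/, "", s) }
            s ~ /[^A-Za-z0-9_]ulimit[ \t]+-/ { print f ":" FNR ":" $0 }' "$f"
    done
}

# Constructed sample files, so the example runs without touching the system.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/pam.d"
    printf 'session include system-auth\n'     > "$d/pam.d/login"
    printf '#session required pam_limits.so\n' > "$d/pam.d/sudo"
    printf 'session required pam_limits.so\n'  > "$d/pam.d/system-auth"
    printf '# ulimit -n 1024\nulimit -S -n 4096\n' > "$d/bashrc"
    printf 'Max open files  4096  63536  files\n'  > "$d/limits"
    echo "$d"
}
```

On a real host, point the functions at /etc/pam.d with the service that handled the login (for an SSH session, sshd), at the four startup files listed in Solution 2, and at /proc/<pid>/limits of the affected process.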

LukLed
Author by

LukLed

Updated on September 18, 2022

Comments

  • LukLed
    LukLed almost 2 years

    I have a class:

    public class Company
    {    
        public System.Guid Id { get; set; }
        public Nullable<System.Guid> CreatedById { get; set; }    
        public virtual Users CreatedBy { get; set; }
    }
    

    I am adding new object of Company class to context and setting CreatedById field:

    var newCompanyId = Guid.NewGuid();
    var company = new Company();
    company.Id = newCompanyId;
    company.CreatedById = someId;
    
    Context.Set<Company>().Add(company);
    

    Then I am using the same context to retrieve company:

    var retrievedCompany = Context.Set<Company>().FirstOrDefault(item => item.Id == newCompanyId);
    

    retrievedCompany has type Company and it is not dynamic proxy, so navigation property called CreatedBy does not work.

    Is it possible to get proxy instead?

    • ocuenca
      ocuenca about 9 years
      Do you don't turn off proxy creation:context.Configuration.ProxyCreationEnabled = false;
    • Stephen Harris
      Stephen Harris almost 8 years
      How are you logging in?
    • Sam in MA
      Sam in MA almost 8 years
      Logging in via SSH -- this is an Openstack VM running in a private cloud -- as user someuser. Editing the two mentioned config files using sudo.
    • Stephen Harris
      Stephen Harris almost 8 years
      Are you using passwords or SSH keys?
    • Sam in MA
      Sam in MA almost 8 years
      SSH key (PEM file)
    • Nemo
      Nemo over 6 years
    • Mark Norgren
      Mark Norgren almost 6 years
      I just burned several hours tracing something similar. The answer was revealed by running strace on the process, as suggested by the fine folks at serverfault.com/questions/569288/…
  • Sam in MA
    Sam in MA almost 8 years
    Here's what I have right now: $ cat /proc/sys/fs/file-max 100000 $ grep "fs.file-max" /etc/sysctl.conf fs.file-max = 100000 $ /opt/diagnostics/PerfTest/ ulimit -n 4096 --Sam
  • Sam in MA
    Sam in MA almost 8 years
    Also added session required pam_limits.so to /etc/pam.d/login, logged out and back in, no change.
  • Matthias Menzel
    Matthias Menzel almost 8 years
    @SaminMA You should change your ulimit yourself, I just said how you should increase your fs.file-max so it will allow you to change your hard limit.
  • Sam in MA
    Sam in MA almost 8 years
    I can not change the ulimit for files (nofile) -- that's the entire point of my question. Despite having edited the 2 files mentioned in the title, and now also /etc/sysctl.conf and /etc/pam.d/login, per your suggestions, I still can not change the ulimit for files.
  • Mark Norgren
    Mark Norgren almost 6 years
    Modifying /etc/pam.d/login should be unnecessary, because login includes the common file system-auth (as do many other files in /etc/pam.d), and the latter actually requires pam_limits.so.
  • Miguel Mota
    Miguel Mota about 4 years
    I was going crazy for hours trying to figure it out. Your answer was spot on. Thanks