Link to home
Start Free TrialLog in
Avatar of Los Angeles1
Los Angeles1

asked on

RHEL 6 and /etc/security/limits.conf

I am on RHEL 6 and need to increase the limits for

  max open files

  max processes

Open in new window


I have the following config:

-bash-4.1$ cat /proc/sys/fs/file-max
14466720
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window


Specifically, I need max open files to be unlimited and max processes to be 4096. for user mqm

I have no entries in my limits.conf file

How do I set up the  limits.conf file and what is the difference between hard and soft ?

Thanks
Avatar of wesly_chen
wesly_chen
Flag of United States of America image

Add those two lines into /etc/security/limits.conf
----------
*    hard    nofile   unlimited
*    hard    nproc    4096
Woo, for user mqm
-----------
mqm    soft     nofile   unlimited
mqm    hard    nproc    4096
-----------

Based on man page of ulimit:
----------
A hard limit cannot be increased once it is set;
a soft limit may be increased up to the value of the hard limit.
Avatar of Los Angeles1
Los Angeles1

ASKER

Would there be anything wrong with simply using the default entries:

*    hard    nofile   unlimited
*    hard    nproc    4096

without putting the values specifically for mqm ?
Would there be anything wrong with simply using the default entries:

*    hard    nofile   unlimited
*    hard    nproc    4096

without putting the values specifically for mqm ?


With the default entry it would set these limit for every user including mqm. After making these entry you need to log off and log in again to make the changes effective.
As I first post, which is I use for all the users most of time.

As your original question, you ask for specific for mqm. Therefore comes the second post.

I would not give eveyone unlimited for max open files (1024 is good for regular user), neither max processes for 4096 (1024 is enough).
I placed the following into my /etc/security/limits.conf, as in post 2 (limits for mqm)

mqm    soft    nofile   unlimited
mqm    hard    nproc    4096

Open in new window


Then I rebooted

I was still having problems with MQ (will not connect well with broker0

so I did the following:

[root@WEST5 security]# su - mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ whoami
mqm
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window



Why would my max user processes still be 1024 ?
I changed the limits.conf to the following:

*    hard    nofile   unlimited
*    hard    nproc    4096

mqm    soft     nofile   unlimited
mqm    hard    nproc    4096

Open in new window


Now every time I log in as root, it accepts my pw, and pops right out of the putty session immediately

Same things happens if I log in through the GUI in the IMM

Any ideas how I can get back on the system ?

Thanks
> every time I log in as root, it accepts my pw, and pops right out of the putty session immediately
You dirrectly login as root, or "su -"?
I log in directly as root
Then can you login as regular user and su to root.
I am afraid I only have root and mqm defined as users, and do not know the native mqm pw
I did try loging into root from the GUI, but htat accepts my root pw, but then flashes me out
I can get into root now,   Took an emergency disk and changed the limits.conf file

At first I did the following limits.conf file:

mqm    soft    nofile   unlimited
mqm    hard    nproc    4096

Then I rebooted and did a ulimit -a:

7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:

      

[root@WEST5 security]# su - mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ whoami
mqm
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Notice the max user processes is still 1024, even thoug I set it to 096, so thinking that the default noprocs was acting as a ceiling (preventing anything from going over 1024, I set the following

So I set the following (which got me into trouble), could not log in:

*    hard    nofile   unlimited
*    hard    nproc    4096

mqm    soft     nofile   unlimited
mqm    hard    nproc    4096

Now I have limits.conf back to this:

mqm    soft     nofile   unlimited
mqm    hard    nproc    4096

but I am back to my question, why does it not increase the max user processes above 1024, and how can I get it to allow 4096 for mqm
I can get into root now,   Took an emergency disk and changed the limits.conf

At first I did the following limits.conf file:

mqm    soft    nofile   unlimited
mqm    hard    nproc    4096

Open in new window


Then I rebooted and did a ulimit -a:

su - mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ whoami
mqm
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window


Notice the max user processes is still 1024, even thoug I set it to 096, so thinking that the default noprocs was acting as a ceiling (preventing anything from going over 1024, I set the following

So I set the following (which got me into trouble), could not log in:

*    hard    nofile   unlimited
*    hard    nproc    4096

mqm    soft     nofile   unlimited
mqm    hard    nproc    4096

Open in new window


Now I have limits.conf back to this (in order to get it to login back into root sucessfully)

mqm    soft     nofile   unlimited
mqm    hard    nproc    4096

Open in new window


but I am back to my question, why does it not increase the max user processes above 1024, and how can I get it to allow 4096 for mqm
It looks like the PAM configuration issue.
Could you post
# cd /etc/pam.d
# grep limits *
[root@WEST5 /]# cd etc
[root@WEST5 etc]# cd pam.d
[root@WEST5 pam.d]#
[root@WEST5 pam.d]# grep limits *
fingerprint-auth:session     required      pam_limits.so
fingerprint-auth-ac:session     required      pam_limits.so
password-auth:session     required      pam_limits.so
password-auth-ac:session     required      pam_limits.so
runuser:session         required        pam_limits.so
smartcard-auth:session     required      pam_limits.so
smartcard-auth-ac:session     required      pam_limits.so
sudo:session    required     pam_limits.so
sudo-i:session    required     pam_limits.so
system-auth:session     required      pam_limits.so
system-auth-ac:session     required      pam_limits.so
[root@WEST5 pam.d]#

Open in new window

Does this indicate a PAM problem.  Does this mean PAM is not an issue.

Any ideas
I need to do some investigation.
Back to your orignal request. Could you
su - mqa
and added the following into ~/.bashrc
---------
ulimit -Hn unlimited
ulimit -Hu 4096
--------
and see if this work?

By the way, set a password for "mqm" in case of this issue you encounter before.
(as root)
# passwd mqm
<type in password twice>
I created the following .bashrc in /var/mqm

echo This is line 1, .bashrc
ulimit -Hn unlimited
echo This is line 2, .bashrc
ulimit -Hu 4096
echo This is line 3, .bashrc
. /opt/ibm/mqsi/7.0/bin/mqsiprofile

Open in new window


I created the following .bash_profile in /var/mqm

echo This is line 1, .bash_profile
ulimit -Hn unlimited
echo This is line 2, .bash_profile
ulimit -Hu 4096
echo This is line 3, .bash_profile
. /opt/ibm/mqsi/7.0/bin/mqsiprofile

Open in new window



I performed the following:

[root@WEST5 mqm]# su mqm
This is line 1, .bashrc
bash: ulimit: open files: cannot modify limit: Operation not permitted
This is line 2, .bashrc
This is line 3, .bashrc

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window



And then did the login:

bash-4.1$ exit
exit
[root@WEST5 mqm]# su - mqm
This is line 1, .bash_profile
-bash: ulimit: open files: cannot modify limit: Operation not permitted
This is line 2, .bash_profile
This is line 3, .bash_profile

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window



So the command will not allow me to change the nofiles, it does allow
the -Hu, but the max user value is not updated

Could there be an issue with the default user limits not being set
to a higher liit, and thus acting as a ceiling or bottleneck to
the individual user limits ?
What's the output of
ulimit -Ha
I performed the following:

[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]# su mqm
This is line 1, .bashrc
bash: ulimit: open files: cannot modify limit: Operation not permitted
This is line 2, .bashrc
This is line 3, .bashrc

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

bash-4.1$ ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
bash-4.1$
bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
bash-4.1$
bash-4.1$
bash-4.1$ exit
exit
[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]# su - mqm
This is line 1, .bash_profile
-bash: ulimit: open files: cannot modify limit: Operation not permitted
This is line 2, .bash_profile
This is line 3, .bash_profile

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-bash-4.1$
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window


Prior to that I perofmred the following from root

root@WEST5 ~]# ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1161386
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@WEST5 ~]#

Open in new window



As root, do
ulimit -Hn unlimited
And login as mqm to see the result
The operation is not permitted under  root

[root@WEST5 ~]# whoami
root
[root@WEST5 ~]# ulimit -Hn unlimited
-bash: ulimit: open files: cannot modify limit: Operation not permitted
[root@WEST5 ~]#
[root@WEST5 ~]# su - mqm
This is line 1, .bash_profile
-bash: ulimit: open files: cannot modify limit: Operation not permitted
This is line 2, .bash_profile
This is line 3, .bash_profile

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window

It seems there are some change from RHEL 5 to RHEL6
https://groups.google.com/a/cloudera.org/group/cdh-user/browse_thread/thread/ec7a6ecf986f5f59

I don't have RHEL 6 at hands.
Could you post /etc/security/limits.conf here?
This is my RHEL 6 limits.conf (with modifications

[root@WEST5 security]# pwd
/etc/security
[root@WEST5 security]# cat limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4


#*      hard    nofile   unlimited
#*      hard    nproc    4096

mqm    soft    nofile   unlimited
mqm    hard    nproc    4096

# End of file
[root@WEST5 security]#

Open in new window


Obviously the following lines were my modifications:

#*      hard    nofile   unlimited
#*      hard    nproc    4096

mqm    soft    nofile   unlimited
mqm    hard    nproc    4096

Open in new window

Please change to
mqm    soft     nofile   10000
mqm    hard    nofile   unlimited
mqm    hard    nproc    4096

Then logout and login again for mqm.
After the change the OS could not open the mqm session

[root@WEST5 ~]# cd /etc
[root@WEST5 etc]# cd security
[root@WEST5 security]# cat limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4

mqm    soft     nofile   10000
mqm    hard     nofile   unlimited
mqm    hard     nproc    4096

# End of file
[root@WEST5 security]#
[root@WEST5 security]# su mqm
could not open session
[root@WEST5 security]# su - mqm
could not open session
[root@WEST5 security]#

Open in new window





[root@WEST5 security]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@WEST5 security]#
[root@WEST5 security]# ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1161386
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window

From your original post:
> $ cat /proc/sys/fs/file-max
> 14466720
This is the system wide setting (limit).
So the hard ulimit can not go beyond that.
You can increase it by (permanently) by edit /etc/sysctl.conf
------------
fs.file-max = 28866720
-----------
Then as root, run
# sysctl -p

Then in /etc/security/limits.conf
------
mqm    hard    nofile   28866720   # less or equal than fs.file-max value
-------

Also change ~mqm/.bashrc
---
ulimit -Hn 28866720   # less or equal than fs.file-max value
--
On one putty session I performed the folowing:

login as: root
root@10.14.7.17's password:
Last login: Fri Apr 22 16:47:37 2011 from 10.14.100.2
[root@WEST5 ~]#
[root@WEST5 ~]# cd /etc
[root@WEST5 etc]# sysctl -p sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmni = 1024
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.sem = 500 256000 250 1024
fs.file-max = 32768
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 28866720
[root@WEST5 etc]#
[root@WEST5 etc]#
[root@WEST5 etc]# cd security
[root@WEST5 security]# cat limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4


mqm    soft     nofile   28866720
mqm    hard    nproc    4096


# End of file

Open in new window



Then I close the putty session and perform the following:

login as: root
root@10.14.7.17's password:
Last login: Fri Apr 22 17:34:46 2011 from 10.14.100.2
[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]# ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1161386
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@WEST5 ~]# ulimit -Hn 28866720
-bash: ulimit: open files: cannot modify limit: Operation not permitted

Open in new window



It does not seem to change the value of the open files
1. The output of "sysctl -p"
> fs.file-max = 32768
> net.ipv4.tcp_keepalive_time = 300
> fs.file-max = 28866720

It looks like you set fs.file-max twice. Please take out "fs.file-max = 32768" and do "sysctl -p" again.
The first one "fs.file-max = 32768" is the cause that ulimit -Hn failed for mqm before.

2.
> [root@WEST5 ~]# ulimit -Ha
You did not set ulimit for root.
Please do
su - mqm
and see the "ulimit -Ha"
In one putty session I perform the following:

login as: root
root@10.14.7.17's password:
Last login: Fri Apr 22 17:55:11 2011 from 10.14.100.2
[root@WEST5 ~]#
[root@WEST5 ~]# cd /etc
[root@WEST5 etc]# sysctl -p sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmni = 1024
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.sem = 500 256000 250 1024
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 28866720
[root@WEST5 etc]#
[root@WEST5 etc]#
[root@WEST5 etc]# cd security
[root@WEST5 security]# cat limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4


mqm    soft     nofile   28866720
mqm    hard    nproc    4096


# End of file
[root@WEST5 security]#


IN another putty session:

login as: root
root@10.14.7.17's password:
Last login: Fri Apr 22 17:55:59 2011 from 10.14.100.2
[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]# su mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

bash-4.1$ ulimit -Hn 28866720
bash: ulimit: open files: cannot modify limit: Operation not permitted
bash-4.1$
In one putty session I perform the following:

login as: root
root@10.14.7.17's password:
Last login: Fri Apr 22 17:55:11 2011 from 10.14.100.2
[root@WEST5 ~]#
[root@WEST5 ~]# cd /etc
[root@WEST5 etc]# sysctl -p sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmni = 1024
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.sem = 500 256000 250 1024
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 28866720
[root@WEST5 etc]#
[root@WEST5 etc]#
[root@WEST5 etc]# cd security
[root@WEST5 security]# cat limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4


mqm    soft     nofile   28866720
mqm    hard    nproc    4096


# End of file
[root@WEST5 security]#

Open in new window



IN another putty session:

login as: root
root@10.14.7.17's password:
Last login: Fri Apr 22 17:55:59 2011 from 10.14.100.2
[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]# su mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

bash-4.1$ ulimit -Hn 28866720
bash: ulimit: open files: cannot modify limit: Operation not permitted
bash-4.1$

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of wesly_chen
wesly_chen
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
[root@WEST5 etc]# pwd
/etc
[root@WEST5 etc]# sysctl -p sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmni = 1024
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.sem = 500 256000 250 1024
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 28866720
[root@WEST5 etc]#
[root@WEST5 etc]#
[root@WEST5 etc]# cat /proc/sys/fs/file-max
28866720
[root@WEST5 etc]#
[root@WEST5 etc]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4


mqm    soft     nofile   28866720
mqm    hard    nproc    4096


# End of file
[root@WEST5 etc]# su - mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

-bash-4.1$ ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-bash-4.1$

Open in new window

I think I found the problem.

First, I can not go past a certain limit when I set nofiles, (which I was attempting to do)

[root@WEST5 ~]# ulimit -n 1000000
[root@WEST5 ~]# ulimit -n 2000000
-bash: ulimit: open files: cannot modify limit: Operation not permitted
[root@WEST5 ~]#

Open in new window


Second, sysctl does not apparently change the nofiles:

[root@WEST5 ~]# cd /etc
[root@WEST5 etc]# sysctl -p sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmni = 1024
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.sem = 500 256000 250 1024
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 32768
[root@WEST5 etc]# ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1161386
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Open in new window


What does work is to set ulimit as root, and it trickles down to mqm:

login as: root
root@10.14.7.17's password:
Last login: Mon Apr 25 12:50:18 2011 from 10.14.100.2
[root@WEST5 ~]# cat .bashrc
# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

ulimit -n 32768

[root@WEST5 ~]# ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 32768
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1161386
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@WEST5 ~]#
[root@WEST5 ~]#
[root@WEST5 ~]# su mqm

MQSI 7.0.0.2
/opt/ibm/mqsi/7.0

bash-4.1$ ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1161386
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 32768
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
bash-4.1$

Open in new window


Thank you for your help
This worked to change Max User Processes.

Obtained information from http://nonfunctionaltestingtools.blogspot.com/2012/09/in-one-of-our-new-machines-we-are.html

In /etc/security/limits.d/90-nproc.conf change the soft nproc from 1024 to 15349:
*          soft    nproc     15349

This change is not applied until the user logs out and then logs back in.

$ ulimit -u
15349