sevior
asked on
Solaris 11 kernel limits
OS release: Oracle Solaris 11.1 SPARC
Output from 'projects -l' for one of users:
projid : 101
comment: ""
users : (none)
groups : (none)
attribs: process.max-msg-messages=( priv,64000 ,deny)
process.max-msg-qbytes=(pr iv,65536,d eny)
process.max-sem-nsems=(pri v,1020,den y)
process.max-sem-ops=(priv, 1000,deny)
project.max-device-locked- memory=(pr iv,3.9G,de ny)
project.max-msg-ids=(priv, 2048,deny)
project.max-sem-ids=(priv, 2048,deny)
project.max-sem-nsems=(pri v,1024,den y)
project.max-sem-ops=(priv, 1024,deny)
project.max-shm-ids=(priv, 2000,deny)
project.max-shm-memory=(pr iv,4294967 296,deny)
Example from 'prctl $$' output for the same user:
project.max-sem-ids
privileged 128 - deny -
system 16.8M max deny -
I have two questions:
1) How to get rid of dups in the project?
2) Why the is difference in values between what's in project and what 'prctl' shows. The goal is to have (for example) max-sem-ids = 2048 for the user that runs application?
Thank you!
Output from 'projects -l' for one of users:
projid : 101
comment: ""
users : (none)
groups : (none)
attribs: process.max-msg-messages=(
process.max-msg-qbytes=(pr
process.max-sem-nsems=(pri
process.max-sem-ops=(priv,
project.max-device-locked-
project.max-msg-ids=(priv,
project.max-sem-ids=(priv,
project.max-sem-nsems=(pri
project.max-sem-ops=(priv,
project.max-shm-ids=(priv,
project.max-shm-memory=(pr
Example from 'prctl $$' output for the same user:
project.max-sem-ids
privileged 128 - deny -
system 16.8M max deny -
I have two questions:
1) How to get rid of dups in the project?
2) Why the is difference in values between what's in project and what 'prctl' shows. The goal is to have (for example) max-sem-ids = 2048 for the user that runs application?
Thank you!
ASKER
Dear Surrano -
outputs are in attached file.
Thank you!
outputs are in attached file.
Thank you!
ASKER
ASKER
Additional info:
if to run "prctl $$" after root "su - username" values in output shows as they are in the "project" - what needs to be done to user account "username" ? But, this is not an option in normal operation.
Thanks!
if to run "prctl $$" after root "su - username" values in output shows as they are in the "project" - what needs to be done to user account "username" ? But, this is not an option in normal operation.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This was faster than I expected. To make the long story short: in your example the effective value will be max-sem-ops=1000 because process (set to 1000) takes precedence over project (set to 1024).
In other cases, the action may be different, in which case the process action takes precedence.(in your case, it's the same: "deny" in both entries)
In other cases, the action may be different, in which case the process action takes precedence.(in your case, it's the same: "deny" in both entries)
ASKER
Your statement
"- when ssh/login as username, output is inconsistent - when su - username, input is consistent"
IS CORRECT.
I do not have 'root' access myself - asking to "su - username" from 'root' session and redirect prctl output to file - then I can run 'diff' on these two outputs.
I will continue to work with individual who owns 'root' access.
Thank you.
"- when ssh/login as username, output is inconsistent - when su - username, input is consistent"
IS CORRECT.
I do not have 'root' access myself - asking to "su - username" from 'root' session and redirect prctl output to file - then I can run 'diff' on these two outputs.
I will continue to work with individual who owns 'root' access.
Thank you.
ASKER
Dear Surrano,
The first thing: I have found working system with
user.username:101::username::process.max-msg-messages =...
Then I was "working" around getting USERNAME in as you suggested and as working system has with 'root' guy.
Somehow he made it looks as:
ABCXYZ:101::username::process.max-msg-messages =(priv,655 36,deny),( priv,64000 ,deny);pro cess.max-s em-nsems=( priv,1020, deny);proc ess.max-se m-ops=(pri v,1000,den y);project .max-devic e-locked-m emory=(pri v,3.9G,den y);project .max-msg-i ds=(priv,2 048,deny); project.ma x-sem-ids= (priv,2048 ,deny);pro ject.max-s em-nsems=( priv,1024, deny);proj ect.max-se m-ops=(pri v,1024,den y);project .max-shm-i ds=(priv,2 048,deny), (priv,2048 ,deny),(pr iv,2000,de ny)
I am not sure if replacing "user.username" with "ABCXYZ" is good idea (is this just any name?), but at the end of the day values in 'prctl $$ look not what "project" file has, for example:
project.max-msg-ids
privileged 128 - deny -
system 16.8M max deny -
It seems that whatever is in section ABCXYZ of file 'project ' not available for OS user 'username'
Any thoughts?
Thank you!
The first thing: I have found working system with
user.username:101::username::process.max-msg-messages
Then I was "working" around getting USERNAME in as you suggested and as working system has with 'root' guy.
Somehow he made it looks as:
ABCXYZ:101::username::process.max-msg-messages
I am not sure if replacing "user.username" with "ABCXYZ" is good idea (is this just any name?), but at the end of the day values in 'prctl $$ look not what "project" file has, for example:
project.max-msg-ids
privileged 128 - deny -
system 16.8M max deny -
It seems that whatever is in section ABCXYZ of file 'project ' not available for OS user 'username'
Any thoughts?
Thank you!
The name of the project is used for determining the default project of the user.
If you use a different name, it won't be used by default. You can start a shell within that project using newtask:
newtask -v -p ABCXYZ
You can change the default project of the user in /etc/user_attr by adding a line like:
Cheers,
If you use a different name, it won't be used by default. You can start a shell within that project using newtask:
newtask -v -p ABCXYZ
You can change the default project of the user in /etc/user_attr by adding a line like:
username::::project=ABCXYZ
but first I'd ask the root user if it was really necessary to change the project's name from user.* to something unrelated.Cheers,
Open in new window
1) I believe you'll see that it's duplicate in /etc/project. You should use projmod to remove all occurrences and re-add a single occurrence.
2) The process may have a different project than the default for the user/group.