Solaris 11 kernel limits

OS release: Oracle Solaris 11.1 SPARC
Output from 'projects -l' for one of users:

        projid : 101
        comment: ""
        users  : (none)
        groups : (none)
        attribs: process.max-msg-messages=(priv,64000,deny)
                 process.max-msg-qbytes=(priv,65536,deny)
                 process.max-sem-nsems=(priv,1020,deny)
                 process.max-sem-ops=(priv,1000,deny)
                 project.max-device-locked-memory=(priv,3.9G,deny)
                 project.max-msg-ids=(priv,2048,deny)
                 project.max-sem-ids=(priv,2048,deny)
                 project.max-sem-nsems=(priv,1024,deny)
                 project.max-sem-ops=(priv,1024,deny)
                 project.max-shm-ids=(priv,2000,deny)
                 project.max-shm-memory=(priv,4294967296,deny)

Example from 'prctl $$' output for the same user:

project.max-sem-ids
        privileged        128       -   deny                                 -
        system          16.8M     max   deny                                 -

I have two questions:
1) How to get rid of dups in the project?
2) Why the is difference in values between what's in project and what 'prctl' shows. The goal is to have (for example) max-sem-ids = 2048 for the user that runs application?

Thank you!
seviorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SurranoSystem EngineerCommented:
Can you please post the full output of following?

id -p
prctl -i project 101
prctl -i process $$
projects -l `grep 101 /etc/project |cut -d: -f1`
grep :101: /etc/project
ps -o projid,project,args -p $$

Open in new window


1) I believe you'll see that it's duplicate in /etc/project. You should use projmod to remove all occurrences and re-add a single occurrence.
2) The process may have a different project than the default for the user/group.
0
seviorAuthor Commented:
Dear Surrano -
outputs are in attached file.

Thank you!
0
seviorAuthor Commented:
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

seviorAuthor Commented:
Additional info:
if to run "prctl $$" after root "su - username" values in output shows as they are in the "project" - what needs to be done to user account "username" ? But, this is not an option in normal operation.

Thanks!
0
SurranoSystem EngineerCommented:
So to clarify please confirm:
- when ssh/login as username, output is inconsistent
- when su - username, input is consistent
Right?

Assume the output you attached was with ssh/login and not with su, right?
It seems there are several inconsistencies in /etc/project. Did you (or someone) edit it manually, or only by means of projmod command and its affiliates?

1. Dups are there as I suspected:
user.username:101::::process.max-msg-messages=(priv,64000,deny);process.max-msg-qbytes=(priv,65536,deny);process.max-sem-nsems=(priv,1020,deny);process.max-sem-ops=(priv,1000,deny);project.max-device-locked-memory=(priv,3.9G,deny);project.max-msg-ids=(priv,2048,deny);project.max-sem-ids=(priv,2048,deny);project.max-sem-nsems=(priv,1024,deny);project.max-sem-ops=(priv,1024,deny);project.max-shm-ids=(priv,2000,deny);project.max-shm-memory=(priv,4294967296,deny)
Note that one of them is process.* while the other one is project.*; I haven't encountered any practical difference in my experience but I'll lookup theory behind and update you accordingly.

2. The fourth field in the file should be the user list, like this:
user.username:101::username::process.max-msg-messages=...

in projects -l:
user.username
        projid : 101
        comment: ""
       users  : (none)
        groups : (none)


Try this:
# to add user to project
projmod -a -U username user.username
# to eliminate duplicates, e.g. max-sem-ops=1024 in this example:
projmod -r -K 'project.max-sem-ops=(priv,1024,deny)" user.username

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SurranoSystem EngineerCommented:
This was faster than I expected. To make the long story short: in your example the effective value will be max-sem-ops=1000 because process (set to 1000) takes precedence over project (set to 1024).

In other cases, the action may be different, in which case the process action takes precedence.(in your case, it's the same: "deny" in both entries)
0
seviorAuthor Commented:
Your statement
"- when ssh/login as username, output is inconsistent   - when su - username, input is consistent"
IS CORRECT.
I do not have 'root' access myself - asking to "su - username" from 'root' session and redirect prctl output to file - then I can run 'diff' on these two outputs.

I will continue to work with individual who owns 'root' access.

Thank you.
0
seviorAuthor Commented:
Dear Surrano,

The first thing: I have found working system with
user.username:101::username::process.max-msg-messages=...
Then I was "working" around getting USERNAME in as you suggested and as working system has with 'root' guy.
Somehow he made it looks as:
ABCXYZ:101::username::process.max-msg-messages=(priv,65536,deny),(priv,64000,deny);process.max-sem-nsems=(priv,1020,deny);process.max-sem-ops=(priv,1000,deny);project.max-device-locked-memory=(priv,3.9G,deny);project.max-msg-ids=(priv,2048,deny);project.max-sem-ids=(priv,2048,deny);project.max-sem-nsems=(priv,1024,deny);project.max-sem-ops=(priv,1024,deny);project.max-shm-ids=(priv,2048,deny),(priv,2048,deny),(priv,2000,deny)

I am not sure if replacing "user.username" with "ABCXYZ" is good idea (is this just any name?), but at the end of the day values in 'prctl $$ look not what "project" file has, for example:
project.max-msg-ids
        privileged        128       -   deny                                 -
        system          16.8M     max   deny                                 -

It seems that whatever is in section ABCXYZ of file 'project ' not available for OS user 'username'

Any thoughts?
Thank you!
0
SurranoSystem EngineerCommented:
The name of the project is used for determining the default project of the user.
If you use a different name, it won't be used by default. You can start a shell within that project using newtask:
newtask -v -p ABCXYZ

You can change the default project of the user in /etc/user_attr by adding a line like:
username::::project=ABCXYZ

Open in new window

but first I'd ask the root user if it was really necessary to change the project's name from user.* to something unrelated.

Cheers,
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.