Solaris 11 kernel limits

Posted on 2014-07-22
Last Modified: 2014-07-30
OS release: Oracle Solaris 11.1 SPARC
Output from 'projects -l' for one of users:

        projid : 101
        comment: ""
        users  : (none)
        groups : (none)
        attribs: process.max-msg-messages=(priv,64000,deny)

Example from 'prctl $$' output for the same user:

        privileged        128       -   deny                                 -
        system          16.8M     max   deny                                 -

I have two questions:
1) How to get rid of dups in the project?
2) Why the is difference in values between what's in project and what 'prctl' shows. The goal is to have (for example) max-sem-ids = 2048 for the user that runs application?

Thank you!
Question by:sevior
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Expert Comment

ID: 40213665
Can you please post the full output of following?

id -p
prctl -i project 101
prctl -i process $$
projects -l `grep 101 /etc/project |cut -d: -f1`
grep :101: /etc/project
ps -o projid,project,args -p $$

Open in new window

1) I believe you'll see that it's duplicate in /etc/project. You should use projmod to remove all occurrences and re-add a single occurrence.
2) The process may have a different project than the default for the user/group.

Author Comment

ID: 40214075
Dear Surrano -
outputs are in attached file.

Thank you!

Author Comment

ID: 40214081
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 40214582
Additional info:
if to run "prctl $$" after root "su - username" values in output shows as they are in the "project" - what needs to be done to user account "username" ? But, this is not an option in normal operation.


Accepted Solution

Surrano earned 500 total points
ID: 40214695
So to clarify please confirm:
- when ssh/login as username, output is inconsistent
- when su - username, input is consistent

Assume the output you attached was with ssh/login and not with su, right?
It seems there are several inconsistencies in /etc/project. Did you (or someone) edit it manually, or only by means of projmod command and its affiliates?

1. Dups are there as I suspected:
Note that one of them is process.* while the other one is project.*; I haven't encountered any practical difference in my experience but I'll lookup theory behind and update you accordingly.

2. The fourth field in the file should be the user list, like this:

in projects -l:
        projid : 101
        comment: ""
       users  : (none)
        groups : (none)

Try this:
# to add user to project
projmod -a -U username user.username
# to eliminate duplicates, e.g. max-sem-ops=1024 in this example:
projmod -r -K 'project.max-sem-ops=(priv,1024,deny)" user.username

Open in new window


Expert Comment

ID: 40214721
This was faster than I expected. To make the long story short: in your example the effective value will be max-sem-ops=1000 because process (set to 1000) takes precedence over project (set to 1024).

In other cases, the action may be different, in which case the process action takes precedence.(in your case, it's the same: "deny" in both entries)

Author Comment

ID: 40214768
Your statement
"- when ssh/login as username, output is inconsistent   - when su - username, input is consistent"
I do not have 'root' access myself - asking to "su - username" from 'root' session and redirect prctl output to file - then I can run 'diff' on these two outputs.

I will continue to work with individual who owns 'root' access.

Thank you.

Author Comment

ID: 40217413
Dear Surrano,

The first thing: I have found working system with
Then I was "working" around getting USERNAME in as you suggested and as working system has with 'root' guy.
Somehow he made it looks as:

I am not sure if replacing "user.username" with "ABCXYZ" is good idea (is this just any name?), but at the end of the day values in 'prctl $$ look not what "project" file has, for example:
        privileged        128       -   deny                                 -
        system          16.8M     max   deny                                 -

It seems that whatever is in section ABCXYZ of file 'project ' not available for OS user 'username'

Any thoughts?
Thank you!

Expert Comment

ID: 40228573
The name of the project is used for determining the default project of the user.
If you use a different name, it won't be used by default. You can start a shell within that project using newtask:
newtask -v -p ABCXYZ

You can change the default project of the user in /etc/user_attr by adding a line like:

Open in new window

but first I'd ask the root user if it was really necessary to change the project's name from user.* to something unrelated.


Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
FreeBSD on EC2 FreeBSD ( is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question