CentOS 6.x 优先级 limit change to /etc/security/limits.d/xxx

2 minute read

背景

在CentOS 5.x的时代, 修改用户的ulimit配置文件在/etc/security/limits.conf, 包括nproc的限制.

例如

vi /etc/security/limits.conf  
# /etc/security/limits.conf  
#  
#Each line describes a limit for a user in the form:  
#  
#<domain>        <type>  <item>  <value>  
#  
#Where:  
#<domain> can be:  
#        - an user name  
#        - a group name, with @group syntax  
#        - the wildcard *, for default entry  
#        - the wildcard %, can be also used with %group syntax,  
#                 for maxlogin limit  
#  
#<type> can have the two values:  
#        - "soft" for enforcing the soft limits  
#        - "hard" for enforcing hard limits  
#  
#<item> can be one of the following:  
#        - core - limits the core file size (KB)  
#        - data - max data size (KB)  
#        - fsize - maximum filesize (KB)  
#        - memlock - max locked-in-memory address space (KB)  
#        - nofile - max number of open files  
#        - rss - max resident set size (KB)  
#        - stack - max stack size (KB)  
#        - cpu - max CPU time (MIN)  
#        - nproc - max number of processes  
#        - as - address space limit (KB)  
#        - maxlogins - max number of logins for this user  
#        - maxsyslogins - max number of logins on the system  
#        - priority - the priority to run user process with  
#        - locks - max number of file locks the user can hold  
#        - sigpending - max number of pending signals  
#        - msgqueue - max memory used by POSIX message queues (bytes)  
#        - nice - max nice priority allowed to raise to values: [-20, 19]  
#        - rtprio - max realtime priority  
#  
#<domain>      <type>  <item>         <value>  
  
* soft    nofile  131072  
* hard    nofile  131073  
* soft    nproc   131072  
* hard    nproc   131073  
* soft    core    unlimited  
* hard    core    unlimited  
* soft    memlock 50000000  
* hard    memlock 50000001  
  
[root@db6 ~]# ulimit -u  
131072  
[root@db6 ~]# su - postgres  
postgres@db6-> ulimit -u  
131072  
  
[root@db6 ~]# cat /etc/redhat-release   
# Red Hat Enterprise Linux Server release 4.2 (Tikanga)  
CentOS release 5.2 (Final)  
[root@db6 ~]# uname -r  
2.6.18-92.el5  

同样的配置, 在CentOS 6.x, 普通用户是1024, root用户是131073.

[root@db-172-16-3-150 ~]# uname -r  
2.6.32-358.el6.x86_64  
[root@db-172-16-3-150 ~]# cat /etc/redhat-release   
CentOS release 6.4 (Final)  
postgres@db-172-16-3-150-> ulimit -u  
1024  
postgres@db-172-16-3-150-> exit  
logout  
[root@db-172-16-3-150 ~]# ulimit -u  
131073  

原因是6.x新增了一个nproc的配置文件,并且优先级高于limits.conf配置

[root@db-172-16-3-150 ~]# cat /etc/security/limits.d/90-nproc.conf   
# Default limit for number of user's processes to prevent  
# accidental fork bombs.  
# See rhbz #432903 for reasoning.  
  
*          soft    nproc     1024  
root       soft    nproc     unlimited  
[root@db-172-16-3-150 ~]# vi /etc/security/limits.d/90-nproc.conf   
  
# Default limit for number of user's processes to prevent  
# accidental fork bombs.  
# See rhbz #432903 for reasoning.  
  
*          soft    nproc     111111  
root       soft    nproc     unlimited  
  
[root@db-172-16-3-150 ~]# ulimit -u  
131073  
[root@db-172-16-3-150 ~]# su - postgres  
postgres@db-172-16-3-150-> ulimit -u  
111111  

普通用户用了/etc/security/limits.d/90-nproc.conf 软限制的配置, 而root用户用了/etc/security/limits.conf 硬限制的配置.

如果把/etc/security/limits.d/90-nproc.conf注释掉, /etc/security/limits.conf的配置就生效了.

[root@db-172-16-3-150 ~]# su - postgres  
postgres@db-172-16-3-150-> ulimit -u  
131072  
postgres@db-172-16-3-150-> exit  
logout  
[root@db-172-16-3-150 ~]# ulimit -u  
131073  

小结

1. 说明/etc/security/limits.d/90-nproc.conf优先级更高.

2. http://csrd.aliapp.com/?p=1760

3. http://kumu1988.blog.51cto.com/4075018/1091369

Flag Counter

digoal’s 大量PostgreSQL文章入口