CentOS 6.x 优先级 limit change to /etc/security/limits.d/xxx
背景
在CentOS 5.x的时代, 修改用户的ulimit配置文件在/etc/security/limits.conf, 包括nproc的限制.
例如
vi /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - an user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
* soft nofile 131072
* hard nofile 131073
* soft nproc 131072
* hard nproc 131073
* soft core unlimited
* hard core unlimited
* soft memlock 50000000
* hard memlock 50000001
[root@db6 ~]# ulimit -u
131072
[root@db6 ~]# su - postgres
postgres@db6-> ulimit -u
131072
[root@db6 ~]# cat /etc/redhat-release
# Red Hat Enterprise Linux Server release 4.2 (Tikanga)
CentOS release 5.2 (Final)
[root@db6 ~]# uname -r
2.6.18-92.el5
同样的配置, 在CentOS 6.x, 普通用户是1024, root用户是131073.
[root@db-172-16-3-150 ~]# uname -r
2.6.32-358.el6.x86_64
[root@db-172-16-3-150 ~]# cat /etc/redhat-release
CentOS release 6.4 (Final)
postgres@db-172-16-3-150-> ulimit -u
1024
postgres@db-172-16-3-150-> exit
logout
[root@db-172-16-3-150 ~]# ulimit -u
131073
原因是6.x新增了一个nproc的配置文件,并且优先级高于limits.conf配置
[root@db-172-16-3-150 ~]# cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 1024
root soft nproc unlimited
[root@db-172-16-3-150 ~]# vi /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 111111
root soft nproc unlimited
[root@db-172-16-3-150 ~]# ulimit -u
131073
[root@db-172-16-3-150 ~]# su - postgres
postgres@db-172-16-3-150-> ulimit -u
111111
普通用户用了/etc/security/limits.d/90-nproc.conf 软限制的配置, 而root用户用了/etc/security/limits.conf 硬限制的配置.
如果把/etc/security/limits.d/90-nproc.conf注释掉, /etc/security/limits.conf的配置就生效了.
[root@db-172-16-3-150 ~]# su - postgres
postgres@db-172-16-3-150-> ulimit -u
131072
postgres@db-172-16-3-150-> exit
logout
[root@db-172-16-3-150 ~]# ulimit -u
131073
小结
1. 说明/etc/security/limits.d/90-nproc.conf优先级更高.
2. http://csrd.aliapp.com/?p=1760
3. http://kumu1988.blog.51cto.com/4075018/1091369