Posted 20 February, 2020
nproc is the number of process units a user can start. It is managed in the file /etc/security/limits.conf, but can be overridden in /etc/security/limits.d/, normally in /etc/security/limits.d/20-nproc.conf, which has priority over the limits.conf file. To check how many nprocs you are using, you need to include the number of threads; this can be seen using:
    # ps -lfu root | wc -l
    603
The default limit on CentOS 7 is 4096 for a user and unlimited for root:
    # Default limit for number of user's processes to prevent
    # accidental fork bombs.
    # See rhbz #432903 for reasoning.
    *          soft    nproc     4096
    root       soft    nproc     unlimited
On CentOS 5 this was based on the threads-max value the kernel could handle (50% of that):
    # sysctl -a | grep threads-max
    kernel.threads-max = 1029577
On CentOS 6 the limit was 1024, and on CentOS 7 it was increased to 4096. While it is already higher, we could argue for increasing it even further, as threads are relatively cheap.
I increased it to a randomly selected 10000 hard and 8192 soft, except for root: although a limit might be useful, I’m afraid that if a fork bomb happens, you need the unlimited power to stop it … (perhaps soft?)
    cat /etc/security/limits.d/20-nproc.conf
    # Default limit for number of user's processes to prevent
    # accidental fork bombs.
    # See rhbz #432903 for reasoning.
    *          soft    nproc     8192
    *          hard    nproc     10000
    root       soft    nproc     unlimited
    root       hard    nproc     unlimited
A similar thing can be done for open files per user; since there is no specific number (yet?) I used 30-nofile.conf. You could base this on the maximum number of open files the system can handle:

    cat /proc/sys/fs/file-max

but that seems a bit excessive!
    cat /etc/security/limits.d/30-nofile.conf
    # max cat /proc/sys/fs/file-max
    # 13163513
    *          soft    nofile     100000
    *          hard    nofile     100001
How to activate it? Just open a new shell and the limits are active. Check:
    # ulimit -a
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 514788
    max locked memory       (kbytes, -l) unlimited
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 100000
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 20001
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited
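
To see which value wins once limits.conf and the limits.d files above are combined, the following added example (not part of the original post, and not pam_limits' own code) resolves the effective soft or hard value for one user. It models only user and `*` entries; the function names, the user alice and the limits.conf baseline line are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: simplified model of how pam_limits resolves one limit.
# Assumptions: files are given in read order (limits.conf, then sorted
# limits.d/*.conf); a later line overrides an earlier one; a line naming the
# user beats "*" wherever it appears; @group and % domains are ignored.

effective_limit() {   # usage: effective_limit USER ITEM soft|hard FILE...
    user=$1 item=$2 kind=$3
    shift 3
    awk -v user="$user" -v item="$item" -v kind="$kind" '
        $1 ~ /^#/               { next }   # comment lines
        NF < 4 || $3 != item    { next }   # blank/incomplete line, other item
        $2 != kind && $2 != "-" { next }   # "-" sets soft and hard together
        $1 == user { exact = $4; have_exact = 1 }
        $1 == "*"  { wild  = $4; have_wild  = 1 }
        END {
            if (have_exact)     print exact
            else if (have_wild) print wild
            else                print "unset"
        }' "$@"
}

# Constructed sample tree. The limits.conf line is invented for the demo;
# the two limits.d files carry the values used in this post.
make_sample() {   # usage: make_sample DIR
    mkdir -p "$1/limits.d"
    printf '%s\n' '# constructed baseline' '* soft nproc 1024' \
        > "$1/limits.conf"
    printf '%s\n' '* soft nproc 8192' '* hard nproc 10000' \
        'root soft nproc unlimited' 'root hard nproc unlimited' \
        > "$1/limits.d/20-nproc.conf"
    printf '%s\n' '* soft nofile 100000' '* hard nofile 100001' \
        > "$1/limits.d/30-nofile.conf"
}

d=$(mktemp -d)
make_sample "$d"
for who in alice root; do
    for item in nproc nofile; do
        printf '%-5s %-6s soft=%s hard=%s\n' "$who" "$item" \
            "$(effective_limit "$who" "$item" soft "$d/limits.conf" "$d"/limits.d/*.conf)" \
            "$(effective_limit "$who" "$item" hard "$d/limits.conf" "$d"/limits.d/*.conf)"
    done
done
rm -rf "$d"
```

With these files, root keeps unlimited nproc through its explicit lines but picks up the `*` nofile values, which matches the open files value in the ulimit output above.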