0

I have a fully-updated Red Hat Enterprise Linux (RHEL) 8.1 x86_64 system where, as a local user in a local terminal (i.e. not remotely via SSH), when I run ulimit -Sn it says 1024 and ulimit -Hn yields 4096. I would like to increase those numbers because often when I compile large projects like gcc, the make step would fail with a too many open files error. I've even tried moving the compilation into a podman container, but that didn't help because the container just inherited my local user's ulimits.

Here's what I've tried on the host:

  1. In /etc/security/limits.conf I've added:
*          soft nofile 32767
*          hard nofile 65535
[username] soft nofile 32767
[username] hard nofile 65535
  1. I checked ls -a /etc/security/limits.d/ and there are no files there.
  2. In /etc/sysctl.conf there is a line stating fs.file-max = 65535. I also ran sysctl -p.
  3. I added session required pam_limits.so to the end of the file /etc/pam.d/login.
  4. ls -a /etc/sysctl.d/ showed two files ./ ../ 50-libreswan.conf 99-sysctl.conf@, neither contained anything related to the number of open files.
  5. cat /proc/sys/fs/file-max says 65535.
  6. /etc/systemd/user.conf is empty (all lines commented out), and I tried to explicitly set DefaultLimitNOFILE=65535.

After trying the above, when I run cat /proc/self/limits or prlimit, the relevant output line still says:

NOFILE     max number of open files                1024      4096 files

The only clue I have right now is that when I use Gnome's System Activity app to look at my processes, when I have a terminal window open there are two bash processes, both under my local user. Strangely, when I run cat /proc/[process id]/limits on the two processes, one shows the large 32767 limit but the other has the original 1024 limit. I thought of checking my ~/.bashrc and ~/.bash_profile but they don't change my ulimit.

I'm stumped!

What else can I check and try in order to increase my ulimit -n? Could systemd or SELinux have something to do with it? Thank you for your help.

EDIT: Per @Gerrit's suggestion, I ran systemd-cgls which says that practically all things running under my local user are under:

-.slice
├─user.slice
│ ├─user-1005.slice
│ │ ├─session-2.scope
│ │ │ └─[many entries here]
│ │ └─user@1005.service
│ │   └─[many entries here]
hpy
  • 835
  • 3
  • 18
  • 28

1 Answers1

1

In a systemd setup before version 240 all user processes run under default user resource limits suggested by the kernel, which on RHEL 8.1 appears to be 4096 for the hard limit and 1024 for the soft limit. In systemd 240 this changed to set the default hard limit to 512K, the default soft limit remains the same, to avoid problems with programs reserving memory for every potential file descriptor or other compatibility issues.

You can change the default HARD limit of NOFILE in /etc/systemd/system.conf in the [Manager] section with the DefaultLimitNOFILE= setting. A reboot is required to make this effective.

After that you can indeed raise the default Soft limit of NOFILE by setting it in /etc/security/limits.conf with * soft nofile nnnn. Adding pam_limits to /etc/pam.d/login is not required, at least not in Centos 7, as that is already included through /etc/pam.d/system-auth.

Gerrit
  • 1,347
  • 7
  • 8
  • thanks for your suggestions. I checked `/etc/systemd/user.conf` and it is empty (all lines commented out), and I tried to explicitly set `DefaultLimitNOFILE=65535`, but that didn't help. Anything else I can check/try? – hpy Apr 10 '20 at 12:49
  • 1
    If you say user.conf was empty, do you mean it was completely empty? I believe that all directives should be under a section header [manager]. But it could also be that you should modify system.conf to apply to the system console. And then probably reboot also. – Gerrit Apr 10 '20 at 13:39
  • 1
    Perhaps it would be best to first use `systemd-cgls` to see where your shell is located in the hierarchy. – Gerrit Apr 10 '20 at 13:58
  • Running `systemd-cgls` shows me that almost everything related to my local user (e.g. Gnome, Wayland, shell, etc.) are under: `-.slice ├─user.slice │ ├─user-1005.slice │ │ ├─session-2.scope` And under `user-1005.slice` there is also another tree called `│ │ └─user@1005.service ` **(this is kind of hard to read so I've edited my original post to make it clear)** – hpy Apr 10 '20 at 14:08
  • as for `user.conf`, `system.conf` and the other `*.conf`s I saw, they were empty in that there is indeed a `[manager]` header, but everything was commented out. I *un-commented* `DefaultLimitNOFILE=` in `user.conf` and changed it to `DefaultLimitNOFILE=65535` to no avail. – hpy Apr 10 '20 at 14:14
  • 1
    I can only test on Centos 7 for the time being. I find that I can raise the HARD limit by setting DefaultLimitNOFILE= in [Manager] section of /etc/systemd/system.conf AND doing a reboot, no luck with just daemon-reload. user.conf will only apply to processes started with systemctl --user – Gerrit Apr 10 '20 at 14:59
  • Finally got it to work. I additionally found [this question](https://unix.stackexchange.com/q/366352/1375) and [this question](https://superuser.com/q/1200539/13679) that matches your suggestion, and indeed the limits are generally set by `user.conf` and `system.conf` in `/etc/systemd`. Thank you for pointing me in the right direction! Perhaps your comments can be put into you answer and I'll mark it as solved! – hpy Apr 11 '20 at 12:55
  • Ooops I missed your updated answer, thank you so much @Gerrit, marking as solved! :) – hpy Apr 11 '20 at 13:04