5

I set the following values (-1 will be resolved to unlimited, I suppose) in /etc/security/limits.conf (CentOS 6.2)

root nofile soft -1

root nofile hard -1

and I can't log in with root user now. Similar to the issue described here. Setting the value back would resolve the issue.

Can anyone help to explain this ?

Updates:

Thanks guys. I memorize my settings incorrectly. Those values should be

root soft nofile -1
root hard nofile -1
manuzhang
  • 157
  • 1
  • 1
  • 6

3 Answers3

4

As @Michael Hampton told you, your syntax is wrong, but anyway i don't think is good idea to set the file limit to unlimited

You can read this post for more information https://stackoverflow.com/questions/1212925/on-linux-set-maximum-open-files-to-unlimited-possible

I downloaded the kernel version linux-2.6.32.61 and i saw this from kernel/sys.c:

 SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
 {
    struct rlimit new_rlim, *old_rlim;
    int retval;

    if (resource >= RLIM_NLIMITS)
            return -EINVAL;
    if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
            return -EFAULT;
    if (new_rlim.rlim_cur > new_rlim.rlim_max)
            return -EINVAL;
    old_rlim = current->signal->rlim + resource;
    if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
        !capable(CAP_SYS_RESOURCE))
            return -EPERM;
    if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
            return -EPERM;

from man proc

The kernel constant NR_OPEN imposes an upper limit on the value that may be placed in 
file-max.

from ./fs/file.c:

./fs/file.c:30:int sysctl_nr_open __read_mostly = 1024*1024;
echo $((1024*1024))
1048576

why you need more files than nr_open?

i did a test using your limits.conf settings:

/etc/pam.d/su:

 egrep -v "^#|^$" /etc/pam.d/su
 auth       sufficient pam_rootok.so
 session       required   pam_env.so readenv=1
 session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 session    optional   pam_mail.so nopen
 session    required   pam_limits.so 
 @include common-auth
 @include common-account
 @include common-session

Now i'll to switch to user root using su command:

root@ubuntu:~# strace -e setrlimit su - root
setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}) = -1 EPERM (Operationnot permitted)
c4f4t0r
  • 5,149
  • 3
  • 28
  • 41
1

You've reversed the second and third fields.

It should read instead:

root soft nofile -1
root hard nofile -1
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
0

The number you set in for nofile (number of open files) cannot be greater than the value found in /proc/sys/fs/nr_open. Check that file and use that value.

[root]# cat /proc/sys/fs/nr_open 1048576 [root]# cat /etc/security/limits.d/biguser.conf biguser - nofile 1048576

dustmachine
  • 101
  • 2