public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Persistent ulimit for daemons
@ 2012-08-01 14:41 Michael Orlitzky
  2012-08-01 15:27 ` Canek Peláez Valdés
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Michael Orlitzky @ 2012-08-01 14:41 UTC (permalink / raw
  To: gentoo-user

Is there a blessed method these days for setting the ulimit per-daemon?

The best I've been able to do is a global setting in /etc/rc.conf:

  rc_ulimit="-s 1048576"

The entries under /etc/security seem to be ignored when using
`/etc/init.d/foo start`.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-01 14:41 [gentoo-user] Persistent ulimit for daemons Michael Orlitzky
@ 2012-08-01 15:27 ` Canek Peláez Valdés
  2012-08-01 15:49   ` Michael Orlitzky
  2012-08-02  5:52 ` Joost Roeleveld
  2012-08-03  5:08 ` Graham Murray
  2 siblings, 1 reply; 9+ messages in thread
From: Canek Peláez Valdés @ 2012-08-01 15:27 UTC (permalink / raw
  To: gentoo-user

On Wed, Aug 1, 2012 at 9:41 AM, Michael Orlitzky <michael@orlitzky.com> wrote:
> Is there a blessed method these days for setting the ulimit per-daemon?
>
> The best I've been able to do is a global setting in /etc/rc.conf:
>
>   rc_ulimit="-s 1048576"
>
> The entries under /etc/security seem to be ignored when using
> `/etc/init.d/foo start`.

If you are willing to try, systemd allows you to set not only the
limits for opened files, but also for basically every knob the Linux
kernel has. And to set it per daemon (or unit, in systemd parlance),
of course; for what you want, you would only need to set:

LimitNOFILE=<limit>

in the [Service] section of your unit. If you are interested, all the
relevant documentation is in systemd.exec(5).

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-01 15:27 ` Canek Peláez Valdés
@ 2012-08-01 15:49   ` Michael Orlitzky
  0 siblings, 0 replies; 9+ messages in thread
From: Michael Orlitzky @ 2012-08-01 15:49 UTC (permalink / raw
  To: gentoo-user

On 08/01/12 11:27, Canek Peláez Valdés wrote:
> On Wed, Aug 1, 2012 at 9:41 AM, Michael Orlitzky <michael@orlitzky.com> wrote:
>> Is there a blessed method these days for setting the ulimit per-daemon?
>>
>> The best I've been able to do is a global setting in /etc/rc.conf:
>>
>>   rc_ulimit="-s 1048576"
>>
>> The entries under /etc/security seem to be ignored when using
>> `/etc/init.d/foo start`.
> 
> If you are willing to try, systemd allows you to set not only the
> limits for opened files, but also for basically every knob the Linux
> kernel has. And to set it per daemon (or unit, in systemd parlance),
> of course; for what you want, you would only need to set:
> 
> LimitNOFILE=<limit>
> 
> in the [Service] section of your unit. If you are interested, all the
> relevant documentation is in systemd.exec(5).
> 

This is our mail filtering gateway, so I probably won't be willing to
try systemd until the next time we replace the hardware =)

That does sound extremely useful though. I'm planning on converting my
desktops after it gets a little bit more traction.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-01 14:41 [gentoo-user] Persistent ulimit for daemons Michael Orlitzky
  2012-08-01 15:27 ` Canek Peláez Valdés
@ 2012-08-02  5:52 ` Joost Roeleveld
  2012-08-02 15:38   ` Michael Orlitzky
  2012-08-03  5:08 ` Graham Murray
  2 siblings, 1 reply; 9+ messages in thread
From: Joost Roeleveld @ 2012-08-02  5:52 UTC (permalink / raw
  To: gentoo-user

On Wednesday, August 01, 2012 10:41:41 AM Michael Orlitzky wrote:
> Is there a blessed method these days for setting the ulimit per-daemon?
> 
> The best I've been able to do is a global setting in /etc/rc.conf:
> 
>   rc_ulimit="-s 1048576"
> 
> The entries under /etc/security seem to be ignored when using
> `/etc/init.d/foo start`.

Michael,

I had to change the "nofiles" ulimit setting for my webserver. For that, I 
simply added the settings to the following file:

# cat /etc/security/limits.conf | grep apache
apache        hard  nofile   4096
apache        soft  nofile   4096

I would expect the same to work for any other daemon?

HTH,

Joost


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-02  5:52 ` Joost Roeleveld
@ 2012-08-02 15:38   ` Michael Orlitzky
  2012-08-03  4:44     ` Joost Roeleveld
  0 siblings, 1 reply; 9+ messages in thread
From: Michael Orlitzky @ 2012-08-02 15:38 UTC (permalink / raw
  To: gentoo-user

On 08/02/12 01:52, Joost Roeleveld wrote:
> On Wednesday, August 01, 2012 10:41:41 AM Michael Orlitzky wrote:
>> Is there a blessed method these days for setting the ulimit per-daemon?
>>
>> The best I've been able to do is a global setting in /etc/rc.conf:
>>
>>   rc_ulimit="-s 1048576"
>>
>> The entries under /etc/security seem to be ignored when using
>> `/etc/init.d/foo start`.
> 
> Michael,
> 
> I had to change the "nofiles" ulimit setting for my webserver. For that, I 
> simply added the settings to the following file:
> 
> # cat /etc/security/limits.conf | grep apache
> apache        hard  nofile   4096
> apache        soft  nofile   4096
> 
> I would expect the same to work for any other daemon?
> 

I thought so too, but it doesn't seem to be working (for any daemon, I
even tried with apache just now).

Can you `cat /proc/<pid>/limits` on one of those apache processes? I get
whatever was set for my bash shell rather than what I have in limits.conf.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-02 15:38   ` Michael Orlitzky
@ 2012-08-03  4:44     ` Joost Roeleveld
  2012-08-03 16:23       ` Michael Orlitzky
  0 siblings, 1 reply; 9+ messages in thread
From: Joost Roeleveld @ 2012-08-03  4:44 UTC (permalink / raw
  To: gentoo-user

On Thursday, August 02, 2012 11:38:32 AM Michael Orlitzky wrote:
> On 08/02/12 01:52, Joost Roeleveld wrote:
> > On Wednesday, August 01, 2012 10:41:41 AM Michael Orlitzky wrote:
> >> Is there a blessed method these days for setting the ulimit per-daemon?
> >> 
> >> The best I've been able to do is a global setting in /etc/rc.conf:
> >>   rc_ulimit="-s 1048576"
> >> 
> >> The entries under /etc/security seem to be ignored when using
> >> `/etc/init.d/foo start`.
> > 
> > Michael,
> > 
> > I had to change the "nofiles" ulimit setting for my webserver. For that, I
> > simply added the settings to the following file:
> > 
> > # cat /etc/security/limits.conf | grep apache
> > apache        hard  nofile   4096
> > apache        soft  nofile   4096
> > 
> > I would expect the same to work for any other daemon?
> 
> I thought so too, but it doesn't seem to be working (for any daemon, I
> even tried with apache just now).
> 
> Can you `cat /proc/<pid>/limits` on one of those apache processes? I get
> whatever was set for my bash shell rather than what I have in limits.conf.

I do get 4096.
Just had another good look at my notes, I also changed the init-file (Added 
the ulimit-statement here):
***
start() {
        checkconfig || return 1

        [ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache

        ebegin "Starting ${SVCNAME}"
++++        ulimit -n 4096
        ${APACHE2} ${APACHE2_OPTS} -k start

        i=0
        while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
                sleep 1 && i=$(expr $i + 1)
        done

        test -e "${PIDFILE}"
        eend $?
}

***

I don't think there is a consistent method of making this change more 
permanent.

--
Joost


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-01 14:41 [gentoo-user] Persistent ulimit for daemons Michael Orlitzky
  2012-08-01 15:27 ` Canek Peláez Valdés
  2012-08-02  5:52 ` Joost Roeleveld
@ 2012-08-03  5:08 ` Graham Murray
  2012-08-03 16:29   ` Michael Orlitzky
  2 siblings, 1 reply; 9+ messages in thread
From: Graham Murray @ 2012-08-03  5:08 UTC (permalink / raw
  To: gentoo-user

Michael Orlitzky <michael@orlitzky.com> writes:

> Is there a blessed method these days for setting the ulimit per-daemon?
>
> The best I've been able to do is a global setting in /etc/rc.conf:
>
>   rc_ulimit="-s 1048576"
>
> The entries under /etc/security seem to be ignored when using
> `/etc/init.d/foo start`.

Add an rc_ulimits= line to /etc/conf.d/daemon_name


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-03  4:44     ` Joost Roeleveld
@ 2012-08-03 16:23       ` Michael Orlitzky
  0 siblings, 0 replies; 9+ messages in thread
From: Michael Orlitzky @ 2012-08-03 16:23 UTC (permalink / raw
  To: gentoo-user

On 08/03/2012 12:44 AM, Joost Roeleveld wrote:
> 
> I do get 4096.
> Just had another good look at my notes, I also changed the init-file (Added 
> the ulimit-statement here):
> ***
> ...
>         ebegin "Starting ${SVCNAME}"
> ++++        ulimit -n 4096
>         ${APACHE2} ${APACHE2_OPTS} -k start

Ah, this is what does it. I would rather not modify the init file in
case someone else updates clamav (the daemon in question) in the future.
Unless they know I've messed with it, they'll just overwrite the changes.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Persistent ulimit for daemons
  2012-08-03  5:08 ` Graham Murray
@ 2012-08-03 16:29   ` Michael Orlitzky
  0 siblings, 0 replies; 9+ messages in thread
From: Michael Orlitzky @ 2012-08-03 16:29 UTC (permalink / raw
  To: gentoo-user

On 08/03/2012 01:08 AM, Graham Murray wrote:
> Michael Orlitzky <michael@orlitzky.com> writes:
> 
>> Is there a blessed method these days for setting the ulimit per-daemon?
>>
>> The best I've been able to do is a global setting in /etc/rc.conf:
>>
>>   rc_ulimit="-s 1048576"
>>
>> The entries under /etc/security seem to be ignored when using
>> `/etc/init.d/foo start`.
> 
> Add an rc_ulimits= line to /etc/conf.d/daemon_name
> 

Wow, this works. Thanks!


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2012-08-03 16:30 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-01 14:41 [gentoo-user] Persistent ulimit for daemons Michael Orlitzky
2012-08-01 15:27 ` Canek Peláez Valdés
2012-08-01 15:49   ` Michael Orlitzky
2012-08-02  5:52 ` Joost Roeleveld
2012-08-02 15:38   ` Michael Orlitzky
2012-08-03  4:44     ` Joost Roeleveld
2012-08-03 16:23       ` Michael Orlitzky
2012-08-03  5:08 ` Graham Murray
2012-08-03 16:29   ` Michael Orlitzky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox