[gentoo-user] Persistent ulimit for daemons

[Michael Orlitzky]

Is there a blessed method these days for setting the ulimit per-daemon?

The best I've been able to do is a global setting in /etc/rc.conf:

rc_ulimit="-s 1048576"

The entries under /etc/security seem to be ignored when using
`/etc/init.d/foo start`.

[Canek Peláez Valdés]

If you are willing to try, systemd allows you to set not only the
limits for opened files, but also for basically every knob the Linux
kernel has. And to set it per daemon (or unit, in systemd parlance),
of course; for what you want, you would only need to set:

LimitNOFILE=<limit>

in the [Service] section of your unit. If you are interested, all the
relevant documentation is in systemd.exec(5).

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

[Michael Orlitzky]

On 08/01/12 11:27, Canek Peláez Valdés wrote:
> On Wed, Aug 1, 2012 at 9:41 AM, Michael Orlitzky <mic...@orlitzky.com> wrote:
>> Is there a blessed method these days for setting the ulimit per-daemon?
>>
>> The best I've been able to do is a global setting in /etc/rc.conf:
>>
>> rc_ulimit="-s 1048576"
>>
>> The entries under /etc/security seem to be ignored when using
>> `/etc/init.d/foo start`.
>
> If you are willing to try, systemd allows you to set not only the
> limits for opened files, but also for basically every knob the Linux
> kernel has. And to set it per daemon (or unit, in systemd parlance),
> of course; for what you want, you would only need to set:
>
> LimitNOFILE=<limit>
>
> in the [Service] section of your unit. If you are interested, all the
> relevant documentation is in systemd.exec(5).
>

This is our mail filtering gateway, so I probably won't be willing to
try systemd until the next time we replace the hardware =)

That does sound extremely useful though. I'm planning on converting my
desktops after it gets a little bit more traction.

[Joost Roeleveld]

Michael,

I had to change the "nofiles" ulimit setting for my webserver. For that, I
simply added the settings to the following file:

# cat /etc/security/limits.conf | grep apache
apache hard nofile 4096
apache soft nofile 4096

I would expect the same to work for any other daemon?

HTH,

Joost

[Michael Orlitzky]

I thought so too, but it doesn't seem to be working (for any daemon, I
even tried with apache just now).

Can you `cat /proc/<pid>/limits` on one of those apache processes? I get
whatever was set for my bash shell rather than what I have in limits.conf.

[Joost Roeleveld]

I do get 4096.
Just had another good look at my notes, I also changed the init-file (Added
the ulimit-statement here):
***
start() {
checkconfig || return 1

[ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache

ebegin "Starting ${SVCNAME}"
++++ ulimit -n 4096
${APACHE2} ${APACHE2_OPTS} -k start

i=0
while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
sleep 1 && i=$(expr $i + 1)
done

test -e "${PIDFILE}"
eend $?
}

***

I don't think there is a consistent method of making this change more
permanent.

--
Joost

[Graham Murray]

Add an rc_ulimits= line to /etc/conf.d/daemon_name

[Michael Orlitzky]

On 08/03/2012 12:44 AM, Joost Roeleveld wrote:
>
> I do get 4096.
> Just had another good look at my notes, I also changed the init-file (Added
> the ulimit-statement here):
> ***

> ...

> ebegin "Starting ${SVCNAME}"
> ++++ ulimit -n 4096
> ${APACHE2} ${APACHE2_OPTS} -k start

Ah, this is what does it. I would rather not modify the init file in
case someone else updates clamav (the daemon in question) in the future.
Unless they know I've messed with it, they'll just overwrite the changes.

[Michael Orlitzky]

Wow, this works. Thanks!