Install/etc/security/limits. conf in linux.
In linux, Oracle is usually installed with/etc/security/limits. conf file, but the specific meaning here may not be everyone's. At the beginning, I didn't clear it very much. I only knew to modify it. Every installation can follow the configuration in the document. Today, I saw an introduction to a general article. I would like to record it for a better understanding.
The linux limits. conf configuration limits. conf file is actually the configuration file of pam_limits.so in Linux PAM (plug-in Authentication module, Pluggable Authentication Modules), and only for a single session.
The limits. conf format is as follows:
Username | @ groupname type resource limit
Username | @ groupname: Set the user name to be restricted. The group name is preceded by @ and the user name. You can also use wildcard * to restrict all users.
Type: soft, hard, and-. soft indicates the setting value that takes effect for the current system. Hard indicates the maximum value that can be set in the system. Soft cannot be more restrictive than har. -Indicates that both soft and hard values are set.
Resource:
Core-restrict the size of kernel files
Date-maximum data size
Fsize-Maximum File Size
Memlock-maximum memory address space locked
Nofile-Maximum number of opened files
Rss-maximum persistent setting size
Stack-maximum stack size
Cpu-maximum CPU time in minutes
Noproc-Maximum number of processes
As-address space limit
Maxlogins-Maximum number of logins allowed by this user
To make the limits. conf file take effect, make sure that the pam_limits.so file is added to the Startup File. View the/etc/pam. d/login file:
Session required/lib/security/pam_limits.so
As mentioned below, you can use ulimit-n 32768 to set the maximum descriptor, but it is only useful for the current session and root. This is not feasible.
Or modify/etc/security/limits. conf, but restart
In addition, I have not checked whether there are limits on the maximum descriptor of linux. Do you want to modify the other limits?
Https://www.nsfocus.net/index.php? Act = magazine & do = view & mid = 134
How to restrict and monitor users
Most of PAM's LINUX systems have built-in PAM support. One function of PAM is to set the system environment, such as setting the system memory size that a user can use. In Red Hat and Caldera
The/etc/security/directory of the Two Release versions contains many configurable files. The most interesting part is the/etc/security/limits. conf file, which allows you to define users or users
Group rules. The rules are soft or hard, and the content of the rules (such as CPU, memory, and maximum file size ). For example:
Hard core 0
Bob soft nproc 100
Bob hard nproc 150
The first line of the rule prohibits everyone from generating core files. The second line of the rule (soft) defines that the maximum number of processes for user bob is 100, and the third line rule (hard) defines that the maximum number of processes for user bob is 150.
. It can exceed the limit (warning) of Soft rules, but cannot exceed the limit of excellent rules. As you can imagine, these rules define that all users can log on to services such as SHELL and FTP.
Helpful.
Bash
Bash has a built-in limiter "ulimit ". Note that no hard limit can be set too high, so if you are in/etc/profile or your. bash_profile (the user cannot edit or
Delete these files). You can apply restrictions to Your Bash shell. This is useful for earlier LINUX releases that lack PAM support. You must also make sure that
Users cannot change their logon shell. The restriction settings are similar to those of PAM. For example:
Ulimit-SC 0
Ulimit-Su 100
Ulimit-hu150
Https://www.ringkee.com/jims/read_folder/books/LinuxHackingExposed
Ulimit command
You can add the command to the profile file or define it in the/etc/security/limits. conf file.
.
Command Parameters
-A: display all limits.
-Maximum size of c core files
-D the maximum data segment size of the process
-F shell: Maximum file size that can be created
-Maximum size of m resident memory
-S maximum stack size
-T the maximum CPU time per second
-P MPs queue size
-N: Maximum number of opened files
-Maximum number of u Processes
-V virtual memory limit
You can also define limits in the/etc/security/limits. conf file.
Domino type item value
Domino is the username or group name starting with the symbol @. * indicates all users. Set "type" to hard or soft. Item refers
Resources to be restricted. Such as cpu, core nproc or maxlogins
. Value is the corresponding limit value.
Https://tech.blogchina.com/123/2005-06-10/372941.html
Common monitoring and management command tools in Unix and Linux
Check the number of files opened by the program.
Sysctl: displays (or sets) system kernel parameters.
Sysctl-a displays all Kernel Parameters
Sysctl-w parameter name = parameter value
For example, sysctl-w fs. file-max = 10240 sets the maximum number of files allowed to be opened simultaneously by the system to be 10240.
The Kernel Parameter fs. file-nr contains three parameter values. The first parameter indicates the peak number of files that have been simultaneously opened in the system,
The second parameter indicates the number of idle (released after allocation) files,
The third parameter indicates the maximum number of files that can be opened. The value is equal to fs. file-max.
Number of files currently opened = first parameter value-second parameter value
For example:
Fs. file-nr = 977 223 10240
Number of files currently opened = 977-233 = 744
Be careful when setting kernel parameters. Improper settings may cause system exceptions or even crash.
Ulimit: displays (or sets) resource limits that can be used by users
Ulimit-a displays the resource limits that users can use
Ulimit unlimited does not limit the resources that users can use, but this setting sets the maximum number of files that can be opened (max open files)
The maximum number of processes that can run simultaneously (max user processes) is invalid.
Ulimit-n <number of files that can be opened at the same time> sets the maximum number of files that can be opened at the same time (max open files)
Example: ulimit-n 8192
If this parameter is set too small, the too program open files error may occur for websites with a large number of concurrent visits.
Ulimit-u <maximum number of concurrent processes that can be run> sets the maximum number of processes that can be run simultaneously (max user processes)
For example, ulimit-u 1024
Https://www-128.ibm.com/developerworks/cn/linux/es-JavaVirtualMachinePerformance.html? Ca = dwcn-newsletter-linux
Performance tuning skills for ibm jvm for Linux on POWER
User restriction settings
To achieve optimal performance, it is very important for the user running the JVM process to have user settings correctly configured. These parameters can be set to one of the following two forms:
Temporarily, it is applicable when logging on to a shell session through the ulimit command.
Permanently, add a corresponding ulimit statement to one of the files read by the logon shell (for example ~ /. Profile), which is a shell-specific user resource file; or
Edit/etc/security/limits. conf.
We recommend that you set it to unlimited. Some important settings are as follows:
Data Segment Length: ulimit-d unlimited
Maximum memory size: ulimit-m unlimited
Stack size: ulimit-s unlimited
CPU time: ulimit-t unlimited
Virtual Memory: ulimit-v unlimited
For Java applications that require many socket connections and make them open, it is best to use ulimit-n or set
The nofile parameter in/etc/security/limits. conf sets the number of file descriptors to be higher than the default value.
Improve shell restrictions for Oracle users
/Etc/security/limits. conf
Oracle soft nproc 2047
Hard nproc 16384
Oracle soft nofile 1024
Oracle hard nofile 65536
/Etc/pam. d/login
Session required/lib/security/pam_limits.so
/Etc/profile
If [$ USER = "oracle"]; then
If [$ SHELL = "/bin/ksh"]; then
Ulimit-p 16384
Ulimit-n 65536
Else
Ulimit-u 16384-n 65536
Fi
Fi