When Too many files are opened (Too open files ),

When Too many files are opened (Too open files ),

As mentioned in the article "Too many open files (Too open files)", you can modify the limit. conf file to use the maximum number of files. However, in actual operations, the maximum file queried by ulimit-n through ssh Login is not the value of limit. conf. To this end, continue to investigate what is going on.

 

1. How does the limit. conf file work?

 

After learning about Linux, the original limit. conf configuration file is the pam_limits.so configuration file in Linux PAM (plug-in Authentication module, Pluggable Authentication Modules.

 

2. What is PAM?

 

Here Baidu knows the Internet's popular answer: Simply put, PAM is mainly composed of a group of shared library files (that is, the suffix is. so file) and some configuration files are used for system service authorization. PAM is the abbreviation of Pluggable Authentication Modules. When you request the service, the application with the PAM Authentication function will be associated with these. so file interaction to determine whether the service can be authorized to the user who initiates the request, such as su, vsftp, httpd, and so on. If the authentication succeeds, the user can use the service or complete the command. If the authentication fails, the user cannot use the service, PAM will write warning information to the specified log file. We can regard PAM as an intermediate referee, which does not depend on any application or service. You can upgrade these applications or services without having to worry about updates or upgrades to PAM's shared libraries, and vice versa. So it is very flexible.

 

It is a shared library, just like a dll file in the window. One of the major advantages of UNIX/LINUX is high cohesion and low coupling. Isn't that true.

 

Oh ~, It turns out that PAM is the same thing, so I finally know why it should be mentioned in/etc/pam in the article "Too many open files (Too open files. d/login: Add the following statement

Session required pam_limits.so

The addition of login takes effect only when su switches to the user. conf also enables why ssh cannot see the set value in the past, but su users can see it later.

 

Then login can add the PAM function. In principle, ssh should also work. Verify that ssh can be configured in the/etc/ssh/sshd_config file. There is a "UsePAM yes" in it to remove this #. Enable this function (the specific PAM verification module is also in/etc/pam. d/directory in the sshd configuration file ).

 

3. If only pam_limits. OS of login is set, and ssh is disabled. What are the processes enabled in two states?

 

With this question, I found some test code on the Internet and processed it as follows:

# Include <stdio. h>

# Include <unistd. h>

# Include <stdlib. h>

# Include <sys/resource. h>

 

Main ()

{

Struct rlimit limit;

While (1 ){

Getrlimit (RLIMIT_NOFILE, & limit );

Printf ("the process can open % dfiles \ n", limit. rlim_cur );

Sleep (2 );

}

}

This code opens the book by printing the largest file in the current process. After testing, the su user opens the process and the print is indeed limit. the value set by conf, but the code printed by executing it via ssh is modified by limit. the value before the conf parameter (that is, limit. conf does not take effect ).

 

This may be related to the process and user sessions of the linux system. Due to the narrow knowledge, I asked a question on the Forum and the user gave me a connection: http://linux.die.net/man/8/pam_limits. The original article has the following sentence:

The pam_limitsPAM module sets limits on the system resources that can be obtained in auser-session. Users of uid = 0 are affected by this limits, too.

This pam_limitsPAM is valid for user sessions and is also valid for processes 0 (kernel processes.

 

There is another question in the process that we usually operate through the terminal, and the parent process that starts the process is the current terminal process, such as ssh, however, some processes run in the background. After the terminal is turned on, who do they belong? Observed. All these lonely processes are received by process 1. Linux Process Management may be involved here. I will not study it in depth.

 

4. Is the effectiveness of pam_limits related to the process?

I think of a situation where, if I use ssh to open a process, the ID of the parent process is my ssh process. After I quit ssh, the sub-process is managed by process 1 (for example, a common java Process ). Will the maximum number of opened files of this sub-process be changed back to the value set in the limit. conf file? Because the value entered by the ssh process is the value before limit. conf modification. In ssh, the test process printing is indeed different from the current limit. conf value, that is, it does not take effect. I found another method on the Internet to directly assign the sub-process of the test code to process 1: setsid. After testing, the maximum number of opened files printed has not changed. As mentioned above, the PAM settings are related to user sessions.

 

Test over. If any problem is found later, follow up.