[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: maximum number of processes on kernel 2.4.x

I usually ad this to the bottom of /etc/security/limits.conf

*       soft    nofile  4096
*       hard    nofile  8192

and I set the ulimits in /etc/profile. This seems to do the trick for me.

Now, if only I could increase the number of threads I can run with IBM Java.
As soon as you dick about with libc to increase the system threads, it

Ian Cass

----- Original Message -----
From: "Wayne Tucker" <wtucker@donobi.com>
To: "Russell Coker" <russell@coker.com.au>
Cc: <debian-isp@lists.debian.org>
Sent: Tuesday, March 12, 2002 8:03 PM
Subject: Re: maximum number of processes on kernel 2.4.x

> On Tue, Mar 12, 2002 at 12:15:26PM +0100, Russell Coker wrote:
> > BTW, why exactly do you need to have so many root owned processes?
> >
> > Every root owned process is a potential security hole.  Is it possible
> > make some of these things use non-root?
> The server is running CommuniGate Pro, which must be run as root.  I'm
> not particularly comfortable with the idea myself, but since the
> server is only doing email, then if somebody compromises the mail
> software, they have control over everything important that happens on
> the server anyhow.
> It looks like the real problem was actually the pam_limits module that
> is being loaded from the various pam.d configuration files.  It was
> doing a setrlimit(RLIMIT_NPROC, 256), which resulted in it not being
> able to perform the various setuid/setgid calls and whatnot and then
> spawn the login shell.
> Thanks again for your help,
> Wayne
> --
> Wayne A. Tucker - wtucker@donobi.com
> Network Engineer, Donobi Inc.
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact

Reply to: