[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: revise the /etc/security/limits.conf doesn't take effect for normal user.

> Il giorno dom 11 ago 2019 alle ore 05:30 Hongyi Zhao <hongyi.zhao@gmail.com>
> ha scritto:
> 
> > Hi,
> >
> > I added the following lines into /etc/security/limits.conf:
> >
> > * - nofile 65535
> > root - nofile 65535
> >
> >
> > But it still not take effect for the normal user.

How are you logging in?  How are you checking?


On Sun, Aug 11, 2019 at 11:17:37AM +0200, Emmanuel Gelati wrote:
> check if you are using pam_limits module
> 
> grep -i limit /etc/pam.d/*

For a console login, the relevant file is /etc/pam.d/login which, on
buster, contains:

# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session    required   pam_limits.so


So, that would be the first step I would try: make sure you are doing
a regular CONSOLE login (not a graphical login, not ssh), don't run
startx or anything like that, and verify your limits in the console
login shell.

I just tried it now, on buster, and it worked for me.

If you verify that this works, but you're still having problems in
whatever OTHER thing you are doing that you haven't described to us
yet, then try telling us what you're doing.

Bear in mind that the PAM limits are only applied to PAM sessions that
use the appropriate configurations.  For example, a console login uses
/etc/pam.d/login which has this configuration.  An ssh login uses
/etc/pam.d/sshd which also has this configuration.  A graphical (display
manager) login ... who knows?  Debugging DM logins can be tricky.  You
could start by telling us which DM it is (lightdm, gdm3, sddm, etc.).
You can verify whether that particular DM is using a PAM configuration
that uses the limits.conf file, and possibly edit the PAM configuration
if needed.

On top of that, it's possible that your Desktop Environment, if any,
may be overriding your resource limits.  Or, you may be launching a
terminal through a non-traditional method (like GNOME does, using dbus
to launch terminals), which means your terminals do not inherit the
resource limits from your X or Wayland session.  (GNOME is written
by and for aliens, not Unix people.)

And beyond that, it's quite possible that you are laboring under some
serious misunderstandings about how resource limits work.  Maybe you
thought they would apply to daemons that are started by systemd, or to
cron jobs that you created.  They don't.  PAM resource limits are only
imposed on PAM sessions.  Not systemd services, not cron jobs, etc.

That's why you need to TELL US WHAT YOU ARE DOING.
Reply to: