15

I can't seem to increase the nofile limit for non-root users on Ubuntu 14.04, despite following every StackExchange answer related to this problem. So far I have:

$ cat /etc/security/limits.d/custom.conf
@www-data hard nofile 50000
@www-data soft nofile 50000
# even tried specifying the username directly:
myuser hard nofile 50000
myuser soft nofile 50000

$ grep 'limits' /etc/pam.d/common-session*
/etc/pam.d/common-session:session required        pam_limits.so
/etc/pam.d/common-session-noninteractive:session required        pam_limits.so

$ cat /proc/sys/fs/file-max
101232

Rebooted, logged in, and:

$ ulimit -n 4097
-bash: ulimit: open files: cannot modify limit: Operation not permitted

There still somehow seems to be a limit of 4096 max for non-root users.

kenorb
  • 10,347
Caffeine Coma
  • 461
  • 2
  • 4
  • 11

3 Answers3

13

Using Ubuntu 14.04 I got the described hard limit: 

user@notebook:~$ ulimit -Hn 4096

I could lower it using ulimit, but not increase it, just as the question describes it. As ulimit's manual describes:

only root can increase the hard limit

So I tried to set a higher limit in /etc/security/limits.conf like this: 

user hard nofile 9999

and a fresh login like ssh localhost -l user gave me the new limit: 

user@notebook:~$ ulimit -Hn 9999

Hope this works for you, too.

kenorb
  • 10,347
TomTomTom
  • 473
  • Thanks TomTomTom. I already have such a change in /etc/security/limits.d/custom.conf. I did try putting it directly into /etc/security/limits.conf as you suggested, and I still get "bash: ulimit: open files: cannot modify limit: Operation not permitted". – Caffeine Coma Mar 11 '15 at 14:08
  • I - just guess - one of two reasons, why it doesn't work for you: – TomTomTom Mar 12 '15 at 20:52
  • 1
    Took me too long to edit the incomplete comment. Here we go: I - just guess - one of two reasons, why this doesn't work for you: 1. /etc/security/limits* doesn't get read by your login mechanism - for yet unknown reason. 2. Your hard limit gets set to 4096 elsewhere, and "only root can increase ...". You might check your profiles like .bashrc (depending on your shell), or you might check /etc for other places, where limits might be set, like find /etc | grep -e ulimit -e 4096 -e nofile. BTW: did you try ssh? And: have you changed /etc/ssh/sshd.conf to avoid PAM for some reason? – TomTomTom Mar 12 '15 at 21:04
  • Yes- all login is via ssh. I have disabled UsePAM- several guides recommend this as part of allowing only ssh-key based logins. I'll try turning it on temporarily, just to see if that's the problem. Thanks! – Caffeine Coma Mar 13 '15 at 13:59
  • Afaik, PAM is what should read /etc/security/limits* - you might try to enable PAM just to check for this. I'll try disabling PAM to see, what difference it makes and will report the results. --- Yes! that's it! With PAM disabled my limit is 4096, too, altough set to 9999 in /etc/security/limits.conf. – TomTomTom Mar 13 '15 at 17:46
  • Nice sleuthing @TomTomTom. Kind of frustrating that PAM is needed to set a ulimit though. – Caffeine Coma Mar 14 '15 at 13:29
  • This worked for me without messing with PAM (IDK what that is anyway). After you edit limits.conf, do ulimit -n 9999 in the shell you want to increase the limit for. Check it with ulimit -a. – sudo May 23 '16 at 19:21
4

This article, I think addresses your issue.

Basically you should use ulimit command to increase the available resources.

For example:

Use the following command command to display maximum number of open file descriptors:

cat /proc/sys/fs/file-max

To see the hard and soft values, issue the command as follows:

# ulimit -Hn
# ulimit -Sn

To see the hard and soft values for httpd or oracle user, issue the command as follows:

# su - username

To fix the number of maximum files, you can increase the maximum number of open files by setting a new value in kernel variable /proc/sys/fs/file-max as follows (login as the root):

# sysctl -w fs.file-max=100000

Above command forces the limit to 100000 files. You need to edit /etc/sysctl.conf file and put following line so that after reboot the setting will remain as it is. To do that, append a config directive as follows:

fs.file-max = 100000

Save and close the file. Users need to log out and log back in again to changes take effect or just type the following command:

# sysctl -p

Verify your settings with command:

# cat /proc/sys/fs/file-max

or:

# sysctl fs.file-max

The above procedure sets system-wide file descriptors (FD) limits, however you can limit httpd (or any other users) user to specific limits by editing /etc/security/limits.conf file by editing /etc/security/limits.conf and set the limits as follows:

httpd soft nofile 4096
httpd hard nofile 10240

Then check them by:

# su - httpd
$ ulimit -Hn
$ ulimit -Sn

If you've got the problem on other Linux distributions, check the /etc/pam.d/login and make sure you've got pam_limits.so enabled, e.g.

session required pam_limits.so
kenorb
  • 10,347
Brooke Fogg-Wolfe
  • 108
  • 9
  • 2
    Hi Brooke. Unfortunately, I have already tried the suggestions from that article. Though the 'ulimit -Hn' was new to me; it prints 4096, the limit I keep bumping into. – Caffeine Coma Mar 09 '15 at 19:43
1

If it is a Service, you can try to set the limit in /etc/systemd/system/{ServiceName}.service add LimitNOFILE=65536

Maicon Santana
  • 121