pam limits.conf cannot change stack size for shell
Yong Huang
yong321 at yahoo.com
Fri Dec 4 18:20:52 UTC 2020
We have a few new VMs running Red Hat Enterprise Linux release 8.3. After installing the OS and creating user oracle, oracle logs in and has these resource limits for the shell:
[oracle@myhost ~]$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 257480
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 257480
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
Then we add the following lines to /etc/security/limits.conf (recommended by Oracle):
# Oracle RAC required user limits
oracle soft nproc 65536
oracle hard nproc 131072
oracle soft nofile 8192
oracle hard nofile 65536
oracle soft stack 10240
oracle soft memlock 64000000
oracle hard memlock 64000000
and this line to /etc/pam.d/login:
session required pam_limits.so
oracle logs in again and sees these limits (my notes are after the arrows):
[oracle@myhost ~]$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 257480
max locked memory (kbytes, -l) 64000000 <-- was 64
max memory size (kbytes, -m) unlimited
open files (-n) 8192 <-- was 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192 <-- remains as 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 65536 <-- was 257480
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
Everything meets Oracle's requirement except for stack size. We checked everything we can think of, including files in ~oracle (hidden or not), but can't find out why stack size doesn't change per pam limits.conf. Running (as root)
find /etc -type f -exec grep stack {} /dev/null \;
doesn't reveal anything about setting stack except for the line in /etc/security/limits.conf. (Note: /etc/security/limits.d is empty.) Since some settings in limits.conf do take effect, pam must be working (/etc/ssh/sshd_config has UsePAM set to yes). For now, we add "ulimit -s 10240" to /etc/profile as a workaround and it works fine. But we would like to find out why only "oracle soft stack 10240" in limits.conf is ignored.
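
The comparison described in the post (configured soft limit versus what the shell actually has) can be scripted. The following is an added example, not part of the original message: the function names are hypothetical, the sample files are constructed from the values quoted above, and only exact user-name entries in limits.conf are matched.

```shell
#!/bin/sh
# Added example (not from the original post): configured vs. effective soft limit.

# configured_soft USER ITEM FILE...: value of the last "USER soft|- ITEM" line.
# Simplification: only exact user-name domains; "*" and @group lines are ignored.
configured_soft() {
    cs_user=$1; cs_item=$2; shift 2
    awk -v u="$cs_user" -v i="$cs_item" '
        $1 ~ /^#/ { next }
        $1 == u && ($2 == "soft" || $2 == "-") && $3 == i { v = $4 }
        END { if (v != "") print v }' "$@"
}

# effective_soft_kb NAME FILE: soft limit from a /proc/PID/limits-format file,
# converted to KB when the Units column says "bytes" (limits.conf uses KB for stack).
effective_soft_kb() {
    awk -v n="$1" '
        index($0, n) == 1 {
            split(substr($0, length(n) + 1), f, " ")
            if (f[3] == "bytes" && f[1] != "unlimited") print f[1] / 1024
            else print f[1]
        }' "$2"
}

# compare_limit USER ITEM PROC_NAME PROC_FILE CONF_FILE...
compare_limit() {
    cl_user=$1; cl_item=$2; cl_name=$3; cl_proc=$4; shift 4
    want=$(configured_soft "$cl_user" "$cl_item" "$@")
    have=$(effective_soft_kb "$cl_name" "$cl_proc")
    if [ "$want" = "$have" ]; then echo "OK $cl_item=$have"
    else echo "MISMATCH $cl_item configured=${want:-none} effective=$have"; fi
}

# Constructed sample input: the stack/nofile lines from the post and a
# /proc/PID/limits excerpt matching the reported 8192 KB stack.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# Oracle RAC required user limits' 'oracle soft nofile 8192' \
    'oracle hard nofile 65536' 'oracle soft stack 10240' > "$demo/limits.conf"
cat > "$demo/proc_limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max stack size            8388608              unlimited            bytes
Max open files            8192                 65536                files
EOF
compare_limit oracle stack  "Max stack size" "$demo/proc_limits" "$demo/limits.conf"
compare_limit oracle nofile "Max open files" "$demo/proc_limits" "$demo/limits.conf"
```

On a live system, pass /proc/$$/limits and /etc/security/limits.conf as the file arguments while logged in as the user being checked.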