Tuesday, April 15, 2014

Solaris: /etc/project 

after getting annoyed at the constant 256 file descriptor limit being exceeded on evil (which i eventually figured out was SSHD ) i tried setting the
/etc/project file as below to try and get *everything* on the system to at least have 1024 soft limit and 2048 hard limit


exc04-sv02d:~ # cat /etc/project
system:0::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
user.root:1::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
noproject:2::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
default:3::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
group.staff:10::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)



and rebooted the system but there are still processes that have 256 file decriptors

eg.

exc04-sv02d:~ # plimit 439
439:    /usr/sbin/cron
   resource              current         maximum
  time(seconds)         unlimited       unlimited
  file(blocks)          unlimited       unlimited
  data(kbytes)          unlimited       unlimited
  stack(kbytes)         8192            unlimited
  coredump(blocks)      unlimited       unlimited
  nofiles(descriptors)  256             65536
  vmemory(kbytes)       unlimited       unlimited


project is "system"

exc04-sv02d:~ # /usr/bin/ps -o project,user,pid,ppid,pcpu,pmem,nice -o vsz=VIRTUAL -o rss=RESIDENT -o tty,stime,time,args -eaf|fgrep cron
  system  root   439     1  0.0  0.1 20    9272     6136 ?         Feb_12       00:00 /usr/sbin/cron



"system" is configured how I expect

exc04-sv02d:~ # cat /etc/project
system:0::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
user.root:1::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
noproject:2::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
default:3::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)
group.staff:10::::process.max-file-descriptor=(basic,1024,deny),(privileged,2048,deny)




am i going about this the wrong way? or are the defaults that would have previously been set in the /etc/system file *still* being used here?

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)