Changing ulimit open file descriptors

[jrprince]

This is regarding changing the open file descriptors limit for regular cpanel account users, essentially, ulimit -n.

I do have Shell Fork Bomb Protection turned on, but it does not seem to matter whether that is on or off, users (except for root and an account in wheel) are limited to 100 open file descriptors.

I have made the changes that typically work as expected on CentOS:

Added nofile lines to /etc/security/limits.conf

* soft nofile 1024
* hard nofile 2048​

Added session required pam_limits.so line to:

/etc/pam.d/common-session
/etc/pam.d/login
/etc/pam.d/sshd​

In addition to modifying the ulimit changes (changing 100 to 1024) that enabling CPanel Shell Fork Bomb Protection makes to:

/etc/bashrc
/etc/profile
/etc/profile.d/limits.sh
/etc/profile.d/limits.csh​

This for the first three:

#cPanel Added Limit Protections -- BEGIN

#unlimit so we can run the whoami
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

LIMITUSER=$USER
if [ -e "/usr/bin/whoami" ]; then

LIMITUSER=`/usr/bin/whoami`​

fi
if [ "$LIMITUSER" != "root" ]; then

ulimit -n 1024 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null​

else

ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null​

fi
#cPanel Added Limit Protections -- END
​

And this for the last one:

#cPanel Added Limit Protections -- BEGIN
setenv LIMITUSER $USER
if ( -e /usr/bin/whoami ) then

setenv LIMITUSER `whoami`​

endif
if ( "$LIMITUSER" != "root" ) then

limit descriptors 1024
limit maxproc 35
limit memoryuse 200000
limit datasize 200000
limit stacksize 8192
limit coredumpsize 200000​

else

limit descriptors 4096
limit maxproc 14335
limit memoryuse unlimited
limit datasize unlimited
limit stacksize 8192
limit coredumpsize 1000000​

endif
#cPanel Added Limit Protections -- END
​

Turning off Fork Bomb Protection removes all of those lines from the profile and shell rc scripts, but no changes are made to the ulimit values. I can edit the line set for root and change it to anything I want easily, but editing the line for non-root users has no effect. I will also note that for my oper user, which is in wheel, the ulimit -n is 1024, while it is 4096 for root. I've not seen where 1024 is specified explicitly for @wheel users (soft and hard are 1024, and changing the values in limits.conf doesn't seem to affect this user either).

So, I'm a little lost on where to look next, short of setting up a CentOS install, duplicating it, installing CloudLinux and WHM on top of it and the diff'ing the file system. Ideas?


Version info:

CPANEL=release
Server version: Apache/2.4.25 (Unix)
Server built: Feb 18 2017 14:51:10
Cpanel::Easy::Apache v3.34.11 rev9999 +cloudlinux
PHP 5.6.30 (cgi-fcgi) (built: Feb 18 2017 14:55:32)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
mysql Ver 14.14 Distrib 5.6.35, for Linux (x86_64) using EditLine wrapper​

 

[cPanelMichael]

Hello,

The following post offers a manual workaround you may find helpful (it involves changing the file on a regular basis through a cron job):

bash: fork: Resource temporarily unavailable

Thank you.