Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changing ulimit open file descriptors

Discussion in 'Workarounds and Optimization' started by jrprince, Apr 11, 2017.

  1. jrprince

    jrprince Registered

    Joined:
    Apr 11, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kentucky, USA
    cPanel Access Level:
    DataCenter Provider
    This is regarding changing the open file descriptors limit for regular cpanel account users, essentially, ulimit -n.

    I do have Shell Fork Bomb Protection turned on, but it does not seem to matter whether that is on or off, users (except for root and an account in wheel) are limited to 100 open file descriptors.

    I have made the changes that typically work as expected on CentOS:

    Added nofile lines to /etc/security/limits.conf
    * soft nofile 1024
    * hard nofile 2048

    Added session required pam_limits.so line to:
    /etc/pam.d/common-session
    /etc/pam.d/login
    /etc/pam.d/sshd

    In addition to modifying the ulimit changes (changing 100 to 1024) that enabling CPanel Shell Fork Bomb Protection makes to:
    /etc/bashrc
    /etc/profile
    /etc/profile.d/limits.sh
    /etc/profile.d/limits.csh

    This for the first three:
    #cPanel Added Limit Protections -- BEGIN

    #unlimit so we can run the whoami
    ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

    LIMITUSER=$USER
    if [ -e "/usr/bin/whoami" ]; then

    LIMITUSER=`/usr/bin/whoami`
    fi
    if [ "$LIMITUSER" != "root" ]; then

    ulimit -n 1024 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
    else
    ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
    fi
    #cPanel Added Limit Protections -- END

    And this for the last one:
    #cPanel Added Limit Protections -- BEGIN
    setenv LIMITUSER $USER
    if ( -e /usr/bin/whoami ) then

    setenv LIMITUSER `whoami`
    endif
    if ( "$LIMITUSER" != "root" ) then

    limit descriptors 1024
    limit maxproc 35
    limit memoryuse 200000
    limit datasize 200000
    limit stacksize 8192
    limit coredumpsize 200000
    else
    limit descriptors 4096
    limit maxproc 14335
    limit memoryuse unlimited
    limit datasize unlimited
    limit stacksize 8192
    limit coredumpsize 1000000
    endif
    #cPanel Added Limit Protections -- END

    Turning off Fork Bomb Protection removes all of those lines from the profile and shell rc scripts, but no changes are made to the ulimit values. I can edit the line set for root and change it to anything I want easily, but editing the line for non-root users has no effect. I will also note that for my oper user, which is in wheel, the ulimit -n is 1024, while it is 4096 for root. I've not seen where 1024 is specified explicitly for @wheel users (soft and hard are 1024, and changing the values in limits.conf doesn't seem to affect this user either).

    So, I'm a little lost on where to look next, short of setting up a CentOS install, duplicating it, installing CloudLinux and WHM on top of it and the diff'ing the file system. Ideas?


    Version info:
    CPANEL=release
    Server version: Apache/2.4.25 (Unix)
    Server built: Feb 18 2017 14:51:10
    Cpanel::Easy::Apache v3.34.11 rev9999 +cloudlinux
    PHP 5.6.30 (cgi-fcgi) (built: Feb 18 2017 14:55:32)
    Copyright (c) 1997-2016 The PHP Group
    Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    mysql Ver 14.14 Distrib 5.6.35, for Linux (x86_64) using EditLine wrapper
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page