Linux limits.conf: Explanation and Configuration


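The Linux /etc/security/limits.conf file is the configuration file for pam_limits.so, a Linux PAM (Pluggable Authentication Modules) module. It applies only to a single session and does not affect the resource limits of system services.

Purpose

Set resource limits for users who log in through PAM

Configuration files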

  • /etc/security/limits.conf
  • /etc/security/limits.d

Settings in /etc/security/limits.d override those in /etc/security/limits.conf.

Configuration format

# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>

domain

The scope of the limit: a user, a group, or a wildcard

#Where:
#<domain> can be:
#        - a user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#        - NOTE: group and wildcard limits are not applied to root.
#          To apply a limit to the root user, <domain> must be
#          the literal username root.

type

The kind of limit; a soft limit cannot be higher than the hard limit

#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits

item

The type of resource being limited

#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open file descriptors
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#        - chroot - change root to directory (Debian-specific)

value

The value of the limit

Example

#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4
* soft nofile 204800
* hard nofile 204800
* soft  nproc 204800
* hard  nproc 204800

# End of file

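This sets both the soft and hard limits for nofile and nproc to 204800 for all users. Per the NOTE in the file header quoted above, wildcard entries are not applied to root.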
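A small linter for the four-field format described above, as an added example (not code from this page or from pam_limits). It flags a soft value above the hard value for the same domain and item, and wildcard or @group entries with no explicit root entry. The function name lint_limits and the sample entries are constructed; the `-` type and the `unlimited`/`infinity`/`-1` spellings come from limits.conf(5), and precedence between limits.conf and limits.d is not modelled.

```shell
#!/bin/sh
# lint_limits FILE: check limits.conf-style entries (hypothetical helper).
lint_limits() {
    awk '
    function num(v) {   # treat the "no limit" spellings as larger than any number
        return (v == "unlimited" || v == "infinity" || v == "-1") ? 2^62 : v + 0
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    NF != 4 { printf "line %d: expected 4 fields, got %d\n", NR, NF; next }
    $2 != "soft" && $2 != "hard" && $2 != "-" {
        printf "line %d: unknown type %s\n", NR, $2; next
    }
    {
        key = $1 " " $3                     # one soft/hard pair per domain+item
        if ($2 != "hard") soft[key] = $4    # "-" sets both soft and hard
        if ($2 != "soft") hard[key] = $4
        if ($1 == "root") root_has[$3] = 1
        else if ($1 == "*" || $1 ~ /^@/) wide[$3] = $1
    }
    END {
        for (k in soft)
            if ((k in hard) && num(soft[k]) > num(hard[k]))
                printf "%s: soft %s exceeds hard %s\n", k, soft[k], hard[k]
        for (i in wide)
            if (!(i in root_has))
                printf "%s: %s entry is not applied to root\n", i, wide[i]
    }' "$1"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <domain> <type> <item> <value>
*        soft   nofile  204800
*        hard   nofile  204800
@faculty soft   nproc   50
@faculty hard   nproc   20
root     hard   core    100000
*        soft   core    0
es       both   nofile  204800
EOF
lint_limits "$sample"
rm -f "$sample"
```

Run it against /etc/security/limits.conf and each file under /etc/security/limits.d after editing, before opening a new session to test the change.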

Command line

help

ulimit: usage: ulimit [-SHacdefilmnpqrstuvx] [limit]

Options:

  • -S Set a soft limit for the given resource.
  • -H Set a hard limit for the given resource.
  • -a All current limits are reported.
  • -c The maximum size of core files created.
  • -d The maximum size of a process’s data segment.
  • -e The maximum scheduling priority (“nice”)
  • -f The maximum size of files created by the shell(default option).
  • -i The maximum number of pending signals.
  • -l The maximum size that can be locked into memory.
  • -m The maximum resident set size.
  • -n The maximum number of open file descriptors.
  • -p The pipe buffer size.
  • -q The maximum number of bytes in POSIX message queues.
  • -r The maximum real-time scheduling priority.
  • -s The maximum stack size.
  • -t The maximum amount of cpu time in seconds.
  • -u The maximum number of processes available to a single user.
  • -v The maximum amount of virtual memory available to the process.
  • -x The maximum number of file locks.

demo

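# Show all current limits
ulimit -a

# Show the maximum number of open files
ulimit -n

# Temporary setting: maximum number of open files is 65535; lost after a reboot
ulimit -SHn 65535

# Do not limit the core file size
ulimit -c unlimited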

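Making ulimit settings take effect

Temporary configuration

The maximum number of open files is set to 65535; the setting is lost after a reboot: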

ulimit  -SHn  65535

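Permanent configuration

  • Write the settings into a file under /etc/security/limits.d or into the /etc/security/limits.conf configuration file.
  • Because the limits take effect per SSH session, they can also be written to /etc/profile

# Configure: simple append (adds a duplicate line each time it is run)
echo "ulimit -n 204800" >> /etc/profile
echo "ulimit -c unlimited" >> /etc/profile
# Or the idempotent form: append only if the line is not already present
grep -q "^ulimit -n 204800" /etc/profile || echo "ulimit -n 204800" >> /etc/profile
grep -q "^ulimit -c unlimited" /etc/profile || echo "ulimit -c unlimited" >> /etc/profile

Apply:

source /etc/profile

Configuring limits.conf from the command line: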

cp /etc/security/limits.conf /etc/security/limits.conf.raw
sed -i '/^es .*nofile/d' /etc/security/limits.conf
echo "es soft nofile 204800" >> /etc/security/limits.conf
echo "es hard nofile 204800" >> /etc/security/limits.conf

Limit example

Limit the user xiexianbin to at most 1 minute of CPU time by configuring limits.conf

$ cat /etc/security/limits.conf
xiexianbin hard cpu 1

This is equivalent to ulimit -t 60

  • Run a CPU stress script that drives 1 CPU to full utilization

bash cpu_usage.sh consume 1

The PID obtained is 15274

  • Use strace to monitor 15274

$ strace -p 15274
strace: Process 15274 attached
+++ killed by SIGKILL +++

Explanation:
