Many
Times as a Sys admin,I see users create different scripts or process
that cause a system failure. Many times there are done with out the
knowledge of the scripts or process effectively.
One
of the dangers associated with the thin client model is that a
runaway process might eat up all of the available system memory
and/or cpu on the host system. When this happens, the performance on
that system can degrade resulting in system hangs, freezes, and a
host of other generally undesirable consequences.
sysctl.conf
( System Level )
The
number of concurrently open file descriptors throughout the system
can be changed via /etc/sysctl.conf file under Linux operating
systems.
So
you can increase the maximum number of open files by setting a new
value in kernel variable /proc/sys/fs/file-max as follows (login as
the root):
sysctl
-w fs.file-max=100000
Also
we can edit the sysctl.conf file and add
fs.file-max
= 100000
Save
and close the file. Users need to log out and log back in again to
changes take effect or just type the following command:
#
sysctl -p
check
the changes using
sysctl
fs.file-max
Limits.conf
( User Level )
The
limits.conf is a file located in /etc/security. This file provides
the ability to specify the user and group level limits to specific
resources like memory , cpu etc. Limits set in this file are set on a
per user or per group basis.
The
basic syntax for limits.conf consists of individual lines with values
of the following types:
(domain)
(type) (item) (value)
where
domain is user or group, type refers to a hard or soft limit, item
refers to the resource being limited and value referring to the value
associated with the limit being set. For example, setting the
following value:
me
hard priority 20
places
a hard limit on the priority with which jobs are scheduled for a user
named 'me'. In this case, user 'me' is always scheduled at the lowest
possible priority.
Some
more examples include ,
guest
hard cpu 10 : max CPU time
Ulimt
In
Linux , there is a way to restrict things that a user is allowed to
do. This can be achieved by using the 'ulimit' command. This is
available as a part of the shell is that you can include it in the
individual user's profile and have it apply to them, or place your
restrictions in /etc/security/limits.conf and have them apply to all
users.
One
important thing is that ulimit cant be used to manage file space.
This is specifically used to manage process and we can limit then in
three ways
Unlimited
( the Default one)
Hard
Limit ( the User Cannot Exceed this)
Soft
Limit (The Users may exceed this)
These
are based on the parameters -H and -S that we pass .A hard limit
cannot be increased, while a soft limit can be increased until it
reaches the value of a hard limit
When
we run the 'ulimit -a' command
LocalHost:Root -~
$ ulimit -a
core
file size (blocks, -c) 0
data
seg size (kbytes, -d) 1073741824
scheduling
priority (-e) 0
file
size (blocks, -f) unlimited
pending
signals (-i) 32832
max
locked memory (kbytes, -l) 32
max
memory size (kbytes, -m) 1073741824
open
files (-n) 8192
pipe
size (512 bytes, -p) 8
POSIX
message queues (bytes, -q) 819200
real-time
priority (-r) 0
stack
size (kbytes, -s) 10240
cpu
time (seconds, -t) unlimited
max
user processes (-u) 32832
virtual
memory (kbytes, -v) 1073741824
file
locks (-x) unlimited
If
there are no hard or soft restrictions set, the response returned
will simply be “unlimited." This does not mean there are not
limits.
Here
are Explanation of the Output
CPU
TIME - Limits the number of CPU seconds a process can use (not clock
seconds). CPU time is the amount of time the CPU actual spends
executing processor instructions and is often much less than the
total program "runs time".
VIRTUAL
MEMORY SIZE - the most useful of the memory-related limitations,
because it includes all types of memory, including the stack, the
heap, and memory-mapped files. Specified in kilobytes. For Single
Process
DATA
SEGMENT SIZE - Limits the amount of memory that a process can
allocate on the heap, Specified in kilobytes. For Single Process
STACK
SIZE - Limits the amount of memory a process can allocate on the
stack. Specified in kilobytes.
FILE
SIZE - Limits the maximum size of any one file a process can create.
Specified in 512-byte blocks.
MAX
USER PROCESSES - limits the number of processes the current user is
permitted to have in the process table at one time. Attempts to
start additional processes will fail.
OPEN
FILES - limits the number of file descriptors belonging to a single
process. "File descriptors" includes not only files but
also sockets for Internet communication. Attempts to open additional
file descriptors will fail.
LOCKED
MEMORY - this parameter limits the maximum amount of memory that can
be "locked down" to a specific address in physical memory
by a given process. In practice, only the root user can lock memory
in this fashion. Specified in kilobytes, in the bash shell, as found
in
Linux
and many other systems.
MAX
RESIDENT SET SIZE - this parameter limits the amount of memory that
can be "swapped in" to physical RAM on behalf of any one
process. Specified in kilobytes.
MAX
TOTAL SOCKET BUFFER SIZE - this parameter limits the total amount of
memory that may be taken up by buffers holding network data on behalf
of a given process. Specified in bytes.
PIPE
SIZE - when two Unix processes communicate via a pipe or FIFO (first
in first out) buffer, as in the simple case of paging through a
directory listing with the command "ls | more", the output
of the first command is buffered before transmission to the second.
The size of this buffer, in bytes, is the pipe size. This is
typically not an adjustable parameter, except at kernel compile time.
CORE
FILE SIZE - Limits the size of a "core" file left behind
when a process encounters a segmentation fault or other unexpected
fatal error. Core files are images of the entire memory space used by
the process at the time of the crash, and can be used to examine the
state
of
the process. Specified in 512-byte blocks.
Changing
the Values
These
values can be changed using the 'ulimit' it self.
For
example, to reduce the number of processes a user can have from the
default to 100, you can use the command
ulimit
–u 100
and
then try 'ulimit -a' for the updated result.
To
Set the Hard Limit and Soft Limit use
Local
host-~ $ ulimit –S –u 100
100
Local
host-~ $ ulimit –H –u 8192
8192
To
set a value to unlimited, use the word itself: ulimit –u unlimited
.
To
see only one value, specify that parameter. For example, to see the
soft value of user processes, enter: ulimit –Su
Happy
Learning
