Linux system resource limits (ulimit) is an important mechanism for controlling process resource usage, preventing processes from consuming excessive system resources.
ulimit basic concepts:
- ulimit is a shell built-in command used to control resource limits of the shell process and its child processes
- Limits are divided into soft limits and hard limits
- Soft limits can be adjusted by users but cannot exceed hard limits
- Hard limits can only be increased by root users
- Configuration files: /etc/security/limits.conf, /etc/security/limits.d/
Common ulimit commands:
- ulimit -a: display all current resource limits
- ulimit -n: view/set maximum number of open files
- ulimit -u: view/set maximum number of user processes
- ulimit -s: view/set stack size
- ulimit -v: view/set maximum virtual memory
- ulimit -m: view/set maximum resident memory
- ulimit -c: view/set core file size
- ulimit -t: view/set maximum CPU time
- ulimit -f: view/set maximum file size
- ulimit -l: view/set maximum locked memory
- ulimit -p: view/set pipe buffer size
- ulimit -e: view/set maximum scheduling priority
- ulimit -r: view/set maximum realtime priority
Resource limit types:
- File descriptor limits:
- open files: maximum number of open files (-n)
- max locked memory: maximum locked memory (-l)
- Process limits:
- max user processes: maximum number of user processes (-u)
- max pending signals: maximum pending signals
- Memory limits:
- max memory size: maximum resident memory (-m)
- virtual memory: maximum virtual memory (-v)
- stack size: stack size (-s)
- CPU limits:
- cpu time: maximum CPU time (-t)
- max nice priority: maximum nice priority (-e)
- max realtime priority: maximum realtime priority (-r)
- Other limits:
- file size: maximum file size (-f)
- pipe size: pipe buffer size (-p)
- core file size: core file size (-c)
limits.conf configuration format:
- Format:
- domain: can be user, group, * (all users), %groupname
- type: soft (soft limit), hard (hard limit), - (set both soft and hard limits)
- item: resource type, such as nofile, nproc, memlock, etc.
- value: limit value, unlimited means no limit
Configuration examples:
# Limit maximum open files for all users * soft nofile 65535 * hard nofile 65535 # Limit maximum processes for specific user username soft nproc 4096 username hard nproc 8192 # Limit maximum memory for specific group @groupname soft memlock 1048576 @groupname hard memlock 2097152 # Enable core files * soft core unlimited * hard core unlimited
Temporary modification of limits:
- Modify in current shell: ulimit -n 65535
- Only valid for current shell and its child processes
- Invalid after exiting shell
Permanent modification of limits:
- Edit /etc/security/limits.conf file
- Edit configuration files in /etc/security/limits.d/ directory
- Requires re-login to take effect after modification
- For service processes, need to restart the service
systemd service limits:
- Set limits in service configuration file
- Configuration items:
- LimitNOFILE=65535: maximum number of open files
- LimitNPROC=4096: maximum number of processes
- LimitMEMLOCK=infinity: maximum locked memory
- LimitCORE=infinity: core file size
- Example:
shell
[Service] LimitNOFILE=65535 LimitNPROC=4096
Common application scenarios:
- Web servers (Nginx, Apache):
- Increase maximum open files: ulimit -n 65535
- Increase maximum processes: ulimit -u 4096
- Database servers (MySQL, PostgreSQL):
- Increase maximum open files: ulimit -n 65535
- Increase core file size: ulimit -c unlimited
- High concurrency applications:
- Increase maximum open files: ulimit -n 65535
- Increase maximum processes: ulimit -u 8192
- Development environment:
- Enable core files: ulimit -c unlimited
- Increase core file size: ulimit -c unlimited
View process limits:
- View limits for PID: cat /proc/PID/limits
- View number of open files for process: ls /proc/PID/fd | wc -l
- View number of process threads: ps -eLf | grep PID | wc -l
Troubleshooting:
- "Too many open files" error: increase ulimit -n
- "Cannot allocate memory" error: check memory limits
- Process cannot start: check process limit
- Core file not generated: check core file limit
Best practices:
- Set reasonable limit values based on application requirements
- Do not set excessively high limit values to avoid resource exhaustion
- Monitor resource usage and adjust limits in time
- Verify in test environment before applying in production
- Regularly check and update limit configurations