Ulimit
ulimit is a built-in Linux shell command that allows viewing or limiting system resource amounts that individual users consume. Limiting resource usage is valuable in environments with multiple users and system performance issues.
/etc/security/limits.conf file is a configuration file that defines the system resource allocation settings ulimit uses. Changing the values in the file persist after system reboot.
To specify the type with ulimit, we use -H (hard) and -S (soft), where -H sets hard limits, while -S sets soft limits. By default, without either flag, -S is presumed[1]
Soft limit
The soft limit is manageable by any user, and its maximum value cannot exceed the hard limit. The hard limit acts as a ceiling for the soft limit.
ulimit -Sa
Hard Limit
The hard resource limit defines physical resource limit for a user. At the same time, the hard limit is the maximum value for soft limit. Only root users are allowed to change the hard limit.
ulimit -Ha
Flag
The ulimit command takes the following general syntax
ulimit [flags][limit]
| Flag | Effect to | Description |
|---|---|---|
-H
|
The hard limit for the given resource. Only root users can raise the hard limit, and any process can lower it. | |
-S
|
The soft limit for the given resource. Any process can change the soft limit. | |
-a
|
Lists all current resource limits. | |
-b
|
socket | The maximum socket buffer size. |
-c
|
core dump | The core dump size, expressed in the number of 512-byte blocks. |
-d
|
file | The data area size, in kilobytes. |
-e
|
process | The highest process scheduling priority (nice). |
-f
|
file | The file size limit in blocks when using the [limit] parameter. Not specifying a [limit] instructs the command to report the file size limit.
|
-i
|
signal | The pending signal number limit. |
-k
|
socket | The queue allocation number limit. |
-l
|
memory | The maximum size allowed for locking in memory. |
-m
|
memory | The physical memory size, in kilobytes. |
-n
|
process | The maximum number of file descriptors that a process can have. |
-p
|
pipe | The pipe buffer size. |
-P
|
terminals | The maximum number of pseudo terminals. |
-q
|
message queues | The maximum number of bytes in POSIX message queues. |
-r
|
thread | The maximum number of threads a process can have. |
-R
|
process | The maximum process running time, expressed in microseconds. |
-s
|
memory | The stack size, in kilobytes. |
-t
|
process | Specifies a process' maximum running time, in seconds. |
-T
|
thread | The thread number limit. |
-u
|
process | Specifies how many processes a user can create. |
-v
|
memory | The maximum virtual memory available for processes. |
-x
|
file | The maximum number of file locks. |
Example
Resource limits set with ulimit are not system-wide and only apply to processes started in the same shell session and their descendants.
#limit the process number to 10
ulimit -u 10
#limits the file size to 50KB
ulimit -f 50
#limits the virtual memory available for a process to 1000KB
ulimit -v 1000
#limits the number of open files to five
ulimit -n 5
limit keywords
- core – limits the core file size (KB)
- data – max data size (KB)
- fsize – maximum filesize (KB)
- memlock – max locked-in-memory address space (KB)
- nofile – max number of open files
- rss – max resident set size (KB)
- stack – max stack size (KB)
- cpu – max CPU time (MIN)
- nproc – max number of processes
- as – address space limit (KB)
- maxlogins – max number of logins for this user
- maxsyslogins – max number of logins on the system
- priority – the priority to run user process with
- locks – max number of file locks the user can hold
- sigpending – max number of pending signals
- msgqueue – max memory used by POSIX message queues (bytes)
- nice – max nice priority allowed to raise to values: [-20, 19]
- rtprio – max realtime priority
- chroot – change root to directory (Debian-specific)
Tuning ulimit
File descriptor limit
On Ubuntu, the default file descriptor limit is 1024 which can be checked by $ulimit -n.
To increase this value if you are running an application server which receive thousands or millions of request each second
Add those lines to file /etc/security/limits.conf
* - nofile 1048576
then relogin and check $ulimit -n
system wide file descriptor limit can be done through fs.file-max[2]
Use the following command command to display maximum number of open file descriptors:
cat /proc/sys/fs/file-max
The number of concurrently open file descriptors throughout the system can be changed
via /etc/sysctl.conf file under Linux operating systems.
for temperary change,
# sysctl -w fs.file-max=100000
for permenant change, add following line in /etc/sysctl.conf
fs.file-max = 100000
to changes take effect just type and check /proc/sys/fs/file-max
# sysctl -p
In order to allow allocation of large amount of pinned memory
#ulimit -v unlimited
#ulimit -m unlimited
#ulimit -l unlimited
RHEL/CentOS/Fedora/Scientific Linux users need additional configuration to edit /etc/pam.d/common-session file and add/modify the following line
session required pam_limits.so