Difference between /etc/security/limits.conf and /proc/$PID/limits

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite
1












My configuration in /etc/security/limits.conf is



* soft nofile 60000
* hard nofile 60000


I run nginx in ubuntu.after reboot the ubuntu, ulimit -n is 60000, but 



cat /proc/`ps -elf | grep nginx | grep 'master process' | awk 'print $4'`/limits| grep 'open files'


the answer is 1024, why not 60000?




ubuntu




share|improve this question


























    up vote
    0
    down vote

    favorite
    1












    My configuration in /etc/security/limits.conf is



    * soft nofile 60000
    * hard nofile 60000


    I run nginx in ubuntu.after reboot the ubuntu, ulimit -n is 60000, but 



    cat /proc/`ps -elf | grep nginx | grep 'master process' | awk 'print $4'`/limits| grep 'open files'


    the answer is 1024, why not 60000?




    ubuntu




    share|improve this question
























      up vote
      0
      down vote

      favorite
      1









      up vote
      0
      down vote

      favorite
      1






      1





      My configuration in /etc/security/limits.conf is



      * soft nofile 60000
      * hard nofile 60000


      I run nginx in ubuntu.after reboot the ubuntu, ulimit -n is 60000, but 



      cat /proc/`ps -elf | grep nginx | grep 'master process' | awk 'print $4'`/limits| grep 'open files'


      the answer is 1024, why not 60000?




      ubuntu




      share|improve this question














      My configuration in /etc/security/limits.conf is



      * soft nofile 60000
      * hard nofile 60000


      I run nginx in ubuntu.after reboot the ubuntu, ulimit -n is 60000, but 



      cat /proc/`ps -elf | grep nginx | grep 'master process' | awk 'print $4'`/limits| grep 'open files'


      the answer is 1024, why not 60000?





      ubuntu





      share|improve this question













      share|improve this question




      share|improve this question








      edited Mar 6 at 3:23









      muru

      33.4k577141




      33.4k577141










      asked Mar 6 at 2:56









      shenjinrui

      1




      1




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          3
          down vote













          /etc/security/limits.conf is read by the PAM module pam_limits.so at login.



          But when nginx is started at boot, it never passes through a login procedure, so PAM never has a chance to make any ulimit changes to the nginx process or any of its parent processes.



          If your nginx is started by a script, then you should add the ulimit commands to the script:



          ulimit -H -n 60000
          ulimit -S -n 60000


          If nginx is started by a systemd .service file, use systemctl edit nginx.service, and add this line to the [Service] section of the file:



          LimitNOFILE=60000:60000


          systemctl edit some.service will automatically take the original service file from [/usr]/lib/systemd tree and place the modified version under /etc/systemd instead. Any files in /etc/systemd will override any files with the same name located in [/usr]/lib/systemd tree.



          It will also cause the service configuration to be automatically reloaded, so you don't need to use systemctl daemon-reload manually.






          share|improve this answer


















          • 1




            You should use systemctl edit foo.service instead of manually copy-creating override files.
            – muru
            Mar 6 at 7:21










          • Good point, edited my answer.
            – telcoM
            Mar 6 at 7:35










          • Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
            – JdeBP
            Mar 6 at 7:45










          • I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
            – telcoM
            Mar 6 at 7:49











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f428406%2fdifference-between-etc-security-limits-conf-and-proc-pid-limits%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          3
          down vote













          /etc/security/limits.conf is read by the PAM module pam_limits.so at login.



          But when nginx is started at boot, it never passes through a login procedure, so PAM never has a chance to make any ulimit changes to the nginx process or any of its parent processes.



          If your nginx is started by a script, then you should add the ulimit commands to the script:



          ulimit -H -n 60000
          ulimit -S -n 60000


          If nginx is started by a systemd .service file, use systemctl edit nginx.service, and add this line to the [Service] section of the file:



          LimitNOFILE=60000:60000


          systemctl edit some.service will automatically take the original service file from [/usr]/lib/systemd tree and place the modified version under /etc/systemd instead. Any files in /etc/systemd will override any files with the same name located in [/usr]/lib/systemd tree.



          It will also cause the service configuration to be automatically reloaded, so you don't need to use systemctl daemon-reload manually.






          share|improve this answer


















          • 1




            You should use systemctl edit foo.service instead of manually copy-creating override files.
            – muru
            Mar 6 at 7:21










          • Good point, edited my answer.
            – telcoM
            Mar 6 at 7:35










          • Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
            – JdeBP
            Mar 6 at 7:45










          • I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
            – telcoM
            Mar 6 at 7:49















          up vote
          3
          down vote













          /etc/security/limits.conf is read by the PAM module pam_limits.so at login.



          But when nginx is started at boot, it never passes through a login procedure, so PAM never has a chance to make any ulimit changes to the nginx process or any of its parent processes.



          If your nginx is started by a script, then you should add the ulimit commands to the script:



          ulimit -H -n 60000
          ulimit -S -n 60000


          If nginx is started by a systemd .service file, use systemctl edit nginx.service, and add this line to the [Service] section of the file:



          LimitNOFILE=60000:60000


          systemctl edit some.service will automatically take the original service file from [/usr]/lib/systemd tree and place the modified version under /etc/systemd instead. Any files in /etc/systemd will override any files with the same name located in [/usr]/lib/systemd tree.



          It will also cause the service configuration to be automatically reloaded, so you don't need to use systemctl daemon-reload manually.






          share|improve this answer


















          • 1




            You should use systemctl edit foo.service instead of manually copy-creating override files.
            – muru
            Mar 6 at 7:21










          • Good point, edited my answer.
            – telcoM
            Mar 6 at 7:35










          • Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
            – JdeBP
            Mar 6 at 7:45










          • I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
            – telcoM
            Mar 6 at 7:49













          up vote
          3
          down vote










          up vote
          3
          down vote









          /etc/security/limits.conf is read by the PAM module pam_limits.so at login.



          But when nginx is started at boot, it never passes through a login procedure, so PAM never has a chance to make any ulimit changes to the nginx process or any of its parent processes.



          If your nginx is started by a script, then you should add the ulimit commands to the script:



          ulimit -H -n 60000
          ulimit -S -n 60000


          If nginx is started by a systemd .service file, use systemctl edit nginx.service, and add this line to the [Service] section of the file:



          LimitNOFILE=60000:60000


          systemctl edit some.service will automatically take the original service file from [/usr]/lib/systemd tree and place the modified version under /etc/systemd instead. Any files in /etc/systemd will override any files with the same name located in [/usr]/lib/systemd tree.



          It will also cause the service configuration to be automatically reloaded, so you don't need to use systemctl daemon-reload manually.






          share|improve this answer














          /etc/security/limits.conf is read by the PAM module pam_limits.so at login.



          But when nginx is started at boot, it never passes through a login procedure, so PAM never has a chance to make any ulimit changes to the nginx process or any of its parent processes.



          If your nginx is started by a script, then you should add the ulimit commands to the script:



          ulimit -H -n 60000
          ulimit -S -n 60000


          If nginx is started by a systemd .service file, use systemctl edit nginx.service, and add this line to the [Service] section of the file:



          LimitNOFILE=60000:60000


          systemctl edit some.service will automatically take the original service file from [/usr]/lib/systemd tree and place the modified version under /etc/systemd instead. Any files in /etc/systemd will override any files with the same name located in [/usr]/lib/systemd tree.



          It will also cause the service configuration to be automatically reloaded, so you don't need to use systemctl daemon-reload manually.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Mar 6 at 7:35

























          answered Mar 6 at 6:34









          telcoM

          10.7k11132




          10.7k11132







          • 1




            You should use systemctl edit foo.service instead of manually copy-creating override files.
            – muru
            Mar 6 at 7:21










          • Good point, edited my answer.
            – telcoM
            Mar 6 at 7:35










          • Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
            – JdeBP
            Mar 6 at 7:45










          • I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
            – telcoM
            Mar 6 at 7:49













          • 1




            You should use systemctl edit foo.service instead of manually copy-creating override files.
            – muru
            Mar 6 at 7:21










          • Good point, edited my answer.
            – telcoM
            Mar 6 at 7:35










          • Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
            – JdeBP
            Mar 6 at 7:45










          • I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
            – telcoM
            Mar 6 at 7:49








          1




          1




          You should use systemctl edit foo.service instead of manually copy-creating override files.
          – muru
          Mar 6 at 7:21




          You should use systemctl edit foo.service instead of manually copy-creating override files.
          – muru
          Mar 6 at 7:21












          Good point, edited my answer.
          – telcoM
          Mar 6 at 7:35




          Good point, edited my answer.
          – telcoM
          Mar 6 at 7:35












          Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
          – JdeBP
          Mar 6 at 7:45




          Beaten by muru. I was going to say the same. And also note that you missed out an Upstart job file, the actual most likely alternative to a systemd unit. There's a lot more on this subject on AskUbuntu. Witness askubuntu.com/questions/941617 , askubuntu.com/questions/635110 , and many others.
          – JdeBP
          Mar 6 at 7:45












          I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
          – telcoM
          Mar 6 at 7:49





          I'm actually not too familiar with Upstart as used on Ubuntu; feel free to edit my answer to add specifics on Upstart.
          – telcoM
          Mar 6 at 7:49













           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f428406%2fdifference-between-etc-security-limits-conf-and-proc-pid-limits%23new-answer', 'question_page');

          );

          Post as a guest
































































          -

          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
          Read more

          Bahrain

          Image
          For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
          Read more

          Postfix configuration issue with fips on centos 7; mailgun relay

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
          Read more