I have sparse root solaris-10 zone. I got a request to increase ulimit for a specific user on that zone from 1024 to 8192. Since this is sparse zone, so it doesn't have /etc/system and also I do not want to reboot server.
PHP Code:
root@serv_ora1:/# ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited open files (-n) 8192 pipe size (512 bytes, -p) 10 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 29995 virtual memory (kbytes, -v) unlimited root@serv_ora1:/# su - rdp2weblq $ ulimit -a time(seconds) unlimited file(blocks) unlimited data(kbytes) unlimited stack(kbytes) 8192 coredump(blocks) unlimited nofiles(descriptors) 1024 vmemory(kbytes) unlimited $ ulimit -n 8192 ksh: ulimit: exceeds allowable limit $
Also, /etc/system of global server doesn't have rlim entries.
Please suggest.
Last edited by solaris_1977; 10-01-2012 at 10:33 AM..
If you are not familar with these, carefully edit the /etc/project file.
Assume your user is named foo and foo is in group 444. the 999 is the project number, which has to be unique, add the following line:
Have the user log out and then back in. The following command shows all the available resources for the user when run by the user (otherwise you have to get the process pid):
Code:
prctl $$
There are other better ways to create the project, but the learning curve is pretty steep to make one change. You should make every effort to learn all about the projects as you progress in system mgt.
Start with man pages for prctl(1), projects(1), and project(4)
Last edited by jim mcnamara; 10-01-2012 at 11:28 AM..
The one zone is that way because of projects. That is how you are meant to control process-level resources.
What does prctl $$ show on that zone for that user? (you cannot get around this just because you do not like projects) ulimit will not go beyond resource limits unless the user is root. Do you want to give him/her root access? That is the quickest way. Also the most dangerous possible way.
On this zone, I do not want to give him root access. Below is required output
PHP Code:
$ id uid=35818(rdp2weblq) gid=25157(rundowngrp_qp2) $ prctl $$ process: 12278: -ksh NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT process.max-port-events privileged 65.5K - deny - system 2.15G max deny - process.max-msg-messages privileged 8.19K - deny - system 4.29G max deny - process.max-msg-qbytes privileged 64.0KB - deny - system 16.0EB max deny - process.max-sem-ops privileged 512 - deny - system 2.15G max deny - process.max-sem-nsems privileged 4.48K - deny - system 32.8K max deny - process.max-address-space privileged 16.0EB max deny - system 16.0EB max deny - process.max-file-descriptor privileged 1.02K - deny - system 2.15G max deny - process.max-core-size privileged 8.00EB max deny - system 8.00EB max deny - process.max-stack-size basic 8.00MB - deny 12278 privileged 8.00EB - deny - system 8.00EB max deny - process.max-data-size privileged 16.0EB max deny - system 16.0EB max deny - process.max-file-size privileged 8.00EB max deny,signal=XFSZ - system 8.00EB max deny - process.max-cpu-time privileged 18.4Es inf signal=XCPU - system 18.4Es inf none - task.max-cpu-time system 18.4Es inf none - task.max-lwps system 2.15G max deny - project.max-contracts privileged 10.0K - deny - system 2.15G max deny - project.max-device-locked-memory privileged 15.7GB - deny - system 16.0EB max deny - project.max-locked-memory system 16.0EB max deny - project.max-port-ids privileged 8.19K - deny - system 65.5K max deny - project.max-shm-memory privileged 62.8GB - deny - system 16.0EB max deny - project.max-shm-ids privileged 4.48K - deny - system 16.8M max deny - project.max-msg-ids privileged 128 - deny - system 16.8M max deny - project.max-sem-ids privileged 4.48K - deny - system 16.8M max deny - project.max-crypto-memory privileged 62.8GB - deny - system 16.0EB max deny - project.max-tasks system 2.15G max deny - project.max-lwps system 2.15G max deny - project.cpu-cap system 4.29G inf deny - project.cpu-shares privileged 1 - none - system 65.5K max none - zone.max-swap privileged 12.0GB - deny - system 16.0EB max deny - zone.max-locked-memory privileged 6.00GB - deny - system 16.0EB max deny - zone.max-shm-memory system 16.0EB max deny - zone.max-shm-ids system 16.8M max deny - zone.max-sem-ids system 16.8M max deny - zone.max-msg-ids system 16.8M max deny - zone.max-lwps system 2.15G max deny - zone.cpu-cap system 4.29G inf deny - zone.cpu-shares privileged 1 - none - system 65.5K max none - $
There is your problem - file descriptors are 1.02k - 1024. You have to create an entry in /etc/projects for that one user. You have essentially answered your own question.
Hi, hoping someone can help, its been a while since I used Solaris.
After creating a NGZ (non global zone), the NGZ can access the GZ (Global Zone) and the GZ can access the NGZ (using ssh, zlogin)
However, the NGZ cannot access any other netwqork devices, it can't even see the default router
... (2 Replies)
I want to migrate a solaris 10 os to solaris 11.4 zone.
I did this
a)Collect some data like id sysid,disks,ip,etc..on solaris10
OK
b)Create this file.cfg with this command on solaris 10
zonep2vchk -c > /migration/sol10.cfg
OK
c)Create the archive flash on Solaris10 (1 Reply)
I am planning to do solaris 11 global zone patching having solaris 10 branded zone. I have a doubts on step 8 specially
Can someone clear my step 8 doubts or if anything wrong between step 1 to step 9 please correct that also as I have pretty good idea about Step 10 mean patching in solaris 10... (2 Replies)
Hi Gurus
I am not able to find the patching procedure for solaris 10 ( sol10 u11) to latest patchset with sun cluster having failover zones so that same I should follow.
Take an instance, there are sol1 and sol2 nodes and having two failover zones like sozone1-rg and sozone2-rg and currently... (1 Reply)
Dear all,
recently, I migrated a solaris zone from one host to another. The zone was inside of a zpool. The zpool cotains two volumes.
I did the following:
host1:
$ zlogin zone1 shutdown -y -g0 -i0 #Zone status changes from running to installed
$ zpool export zone1
host2:
$ zpool... (2 Replies)
Hi everyone!
I am in dire need to know what are the differences between a solaris zone and a solaris container.. Explanations over the net are very confusing. Please help. Thanks! (8 Replies)
Hi All ,
I try to install some packages in my global zone...
On the execution of the installion of the script it quits by saying the error
"Non global zone check failed"
Kindly help me in this regard
Thanks in advance,
jeganr (7 Replies)
How do you make the ulimit values permanent for a user?
by default, the root login has the following ulimits:
# ulimit -a
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 8192
coredump(blocks) unlimited
nofiles(descriptors) 1024
memory(kbytes)... (2 Replies)
