Setting the max open files value

blowtorch · #1 (**permalink**) 04-11-2008

I'm trying to set the open files value to 4000 on a SLES 9 system.

Current values:

Code:

ulimit -n
1024

I can set it using this:

Code:

ulimit -n 4000
ulimit -n
4000

But this obviously sets it only for the shell session where I run the command to set it. I want to set this to 4000 for all time.

What I've tried so far:

Extract from /etc/security/limits.conf:

Code:

*       hard    nofile  4000
*       soft    nofile  4000

In the sshd and login files in /etc/pam.d,

Code:

grep pam_limits.so login sshd
login:session  required       pam_limits.so
sshd:session  required       pam_limits.so

What am I missing here? I even tried a reboot (I don't know if it was required, but the server isn't live, so I can experiment a bit :P)

reborg · #2 (**permalink**) 04-11-2008

That looks like everything to me.

You don't have any "sufficient" modules earlier in the list in those pam configuration files by any chance?

I don't have a SLES server handy, but on SuSE I have exactly that configuration and it is working correctly.

/etc/security/limits:

Code:

#@student        -       maxlogins       4
*	soft	nofile	64000	
*	hard	nofile	64000
# End of file

/etc/pam.d/sshd:

Code:

auth     required       pam_unix2.so	# set_secrpc
auth     required       pam_nologin.so
auth     required       pam_env.so
account  required       pam_unix2.so
account  required	pam_nologin.so
password required       pam_pwcheck.so
password required       pam_unix2.so	use_first_pass use_authtok
session  required       pam_unix2.so	none # trace or debug
session  required       pam_limits.so

Result:

Code:

# ulimit -n 
64000

A reboot is not needed, just a new login session when you change this.

blowtorch · #3 (**permalink**) 04-13-2008

Thanks for checking reborg. I do have an extra line in the /etc/pam.d/sshd file "auth optional pam_lockout.so minuid=100". I doubt that it has anything to do with the limits.conf file though.

An update...

I found that connecting by telnet sets the value to 4000 as set in /etc/security/limits.conf, but using ssh still keeps the old (default) value of 1024. A colleague suggested that this has something to do with the UsePrivilegeSeparation directive in sshd_config.

However this directive was originally not present in my sshd_config file (I don't know the default value), and I tried setting it to both yes and no (restarting sshd each time, ofcourse), but it made no difference.

Again, if anyone has any further suggestions, it would help.

Reborg, if you could tell me what the UsePrivilegeSeparation is set to on your SuSE box, it would help too.

blowtorch · #4 (**permalink**) 04-14-2008

Fixed the problem! A close look at the sshd_config file showed that Use_PAM wasn't set at all. Set that to yes. Also set ChallengeResponseAuthentication to no.

Code:

UsePAM yes
ChallengeResponseAuthentication no

After this a restart of sshd is all that it takes to fix it.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
Too Many files open	shashank_recj	UNIX for Advanced & Expert Users	3	08-02-2006 10:57 AM
changing the setting for open files	oppai	SUN Solaris	1	06-01-2005 05:23 PM
Setting Default Permissions for Files	robbieg	UNIX for Dummies Questions & Answers	1	11-24-2004 05:26 PM
too many files open and questions	lmcanth	UNIX for Advanced & Expert Users	7	01-04-2004 09:38 PM
open ASCII files	Wing m. Cheng	High Level Programming	2	10-27-2001 03:12 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread:


	Powered by