I would like to:
- make a soft 64GB limit for resident memory (so inexperienced users will get their run-amok processes killed, but experienced users can raise the limit for memory hungry processes)
- raise the hard limit for nofile, but keep the soft limit at 1024 (so if a certain program needs more filehandles, the user can grant them, but run-amok programs will not get them).
As far as I can see, I should be able to do that in /etc/security/limits.conf (or in /etc/security/limits.d/*):
* soft rss 64000000
* hard nofile 50000
* soft nofile 1024
I can, however, not find a way to reload these values without rebooting. I have read that the values are reloaded when logging in; it works when I do su - user but it does not work through ssh user@localhost.
I have the pam_limits.so in /etc/pam.d:
/etc/pam.d/login:session required pam_limits.so
/etc/pam.d/sshd:session required pam_limits.so
/etc/pam.d/su:session required pam_limits.so
I have PAM in sshd_config:
/etc/ssh/sshd_config:UsePAM yes
I know I can set the values using ulimit and sysctl, but I would like to test that the /etc/security/limits.conf is doing the right thing without rebooting.
How can I make sure that the values are being set when people log in using ssh without rebooting?

Grrr....
- UseLogin is not needed.
- UsePAM yes is needed.
- A restart of sshd is only needed if UsePAM was changed from no to yes.
- Disabling my own ~/.ssh/config was needed very much!
I had Control* statements in my ~/.ssh/config which re-used the ssh channel and thus I would not discover the change.
Thanks to Samed Beyribey and quanta, whose help gave me the idea to run ssh -vv which gives very different output when you have Control* statements.

The reason is: by default, SSH opens a non-login shell, so limits are not being applied.
To make it use a login shell, edit your sshd_config file and uncomment/change #UseLogin no to UseLogin yes:
Reload the sshd and try again.
Source: http://znx.no/2011/01/ssh-and-limits/
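
The first answer above traced the stale values to Control* settings in ~/.ssh/config reusing an existing connection. One way to compare limits.conf against a genuinely new SSH session, as an added example that is not part of the original posts: the function names are hypothetical, and the parser is a simplification that handles only user and * entries.

```shell
#!/bin/sh
# Added example. expected_limit, ssh_limit, compare_limit and verify_limit
# are hypothetical helper names, not part of any tool.

# expected_limit FILE USER TYPE ITEM
# Print the value a limits.conf-style FILE gives USER for TYPE (soft|hard) ITEM.
# An entry naming the user beats the "*" wildcard; "-" sets both soft and hard.
# Simplification: @group and %group entries are ignored.
expected_limit() {
    awk -v u="$2" -v t="$3" -v i="$4" '
        { sub(/#.*/, "") }                    # strip trailing comments
        NF != 4 || $3 != i { next }           # malformed line or other item
        $2 != t && $2 != "-" { next }         # other limit type
        $1 == u   { user = $4 }               # later lines override earlier ones
        $1 == "*" { wild = $4 }
        END {
            if (user != "") print user
            else if (wild != "") print wild
            else exit 1                       # no matching entry
        }' "$1"
}

# ssh_limit TARGET FLAG   (FLAG is a ulimit option such as -Sn, -Hn or -Sm)
# Ask a brand-new session for its limit. -F /dev/null skips ~/.ssh/config and
# the Control* options are switched off, so no multiplexed channel is reused.
ssh_limit() {
    ssh -F /dev/null -o ControlMaster=no -o ControlPath=none "$1" "ulimit $2"
}

# compare_limit WANT GOT LABEL: report and return 0 on match, 1 on mismatch.
compare_limit() {
    if [ "$1" = "$2" ]; then echo "OK   $3 = $2"; return 0; fi
    echo "FAIL $3: limits.conf says $1, session has $2"
    return 1
}

# verify_limit FILE TARGET USER TYPE ITEM FLAG
verify_limit() {
    want=$(expected_limit "$1" "$3" "$4" "$5") ||
        { echo "no $4 $5 entry for $3 in $1"; return 2; }
    got=$(ssh_limit "$2" "$6") || { echo "ssh to $2 failed"; return 2; }
    compare_limit "$want" "$got" "$4 $5"
}

# Example: sh check.sh /etc/security/limits.conf user@localhost user soft nofile -Sn
if [ "$#" -eq 6 ]; then verify_limit "$@"; fi
```

Running it once for soft nofile (-Sn) and once for hard nofile (-Hn) covers both lines from the question; files under /etc/security/limits.d/ are not read by this sketch and would need to be checked the same way.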