On CentOS 6.4 / 64 bit - how to find the limits of the user "nobody"?
Because I can not just su - nobody and call ulimit -a:
# id nobody
uid=99(nobody) gid=99(nobody) groups=99(nobody)
# su - nobody
This account is currently not available.
UPDATE:
I am asking: how to call ulimit -a for the CentOS user nobody, so that I can adjust /etc/security/limits.conf in regard to the max number of open files for that user.
EVEN MORE DETAILS:
I have a perl script (a non-forking TCP-sockets based card game daemon) which is being started by init (I've created a file for it: /etc/init/my_card_game.conf), but then drops super user privileges and runs as nobody:
use strict;
use warnings;
use POSIX qw(setuid setgid);   # setuid/setgid are not Perl builtins; they come from POSIX

sub drop_privs {
    my ($uid, $gid) = (getpwnam('nobody'))[2, 3];
    die "User nobody not found\n" unless $uid && $gid;
    umask(0);   # files created from here on get the mode the script asks for, nothing is masked off
    chdir('/tmp') or die "Can not chdir to /tmp: $!\n";
    #chroot('/tmp') or die "Can not chroot to /tmp: $!\n";
    # drop the group first (setgid still needs root), then set the real, effective and saved uid
    setgid($gid) or die "Can not set gid to $gid: $!\n";
    setuid($uid) or die "Can not set uid to $uid: $!\n";
    # try to regain privileges - this should fail
    die "Not able to drop privileges\n" if setuid(0) || setgid(0);
}
I want to make sure it has a big enough max number of nofiles - so that it can serve all connected clients.
The limits must be raised before privileges are dropped since privileges are needed to raise hard resource limits. You can add code to your script to do it. But the easiest way is to make a shell script that launches your perl script. The shell script can use ulimit since it will still have privileges. (Users have nothing to do with this. Resource limits are attributes of processes.) The -u flag to ulimit, from the ulimit man page:
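As an added example (not code from the answer above), a small POSIX shell helper that reads the open-file limit of a process straight from /proc/<pid>/limits, lists it for every process running as nobody, and a wrapper that raises the limit while still root before exec'ing the daemon. The use of pgrep -u, the /proc/<pid>/limits column layout and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: limits are per-process, so inspect them via /proc/<pid>/limits
# instead of trying to log in as the daemon's user.

# Print "soft hard" for the "Max open files" row of a /proc/<pid>/limits file.
# Takes the file path as an argument so it can also be run on a saved copy.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Soft and hard open-file limits of every process owned by the given user,
# one "pid soft hard" line per process (assumes pgrep from procps).
nofile_for_user() {
    for pid in $(pgrep -u "$1"); do
        printf '%s %s\n' "$pid" "$(nofile_limits "/proc/$pid/limits")"
    done
}

# Wrapper to start the daemon: raise the limit while still root, then exec.
# The perl script drops to nobody itself; the raised limit survives setuid().
# Without -H/-S, ulimit -n sets soft and hard together (raising hard needs root).
launch_daemon() {
    ulimit -n "${2:-32768}" || return 1
    exec "$1"
}

# Constructed excerpt of a /proc/<pid>/limits file (real files have more rows),
# used only to try the parser offline.
write_sample_limits() {
    cat > "$1" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             1024                 7813                 processes
Max open files            1024                 4096                 files
EOF
}

# Usage on the live system (needs root to see other users' processes):
#   nofile_for_user nobody
#   launch_daemon /usr/local/bin/my_card_game.pl 32768
```

Note that /etc/security/limits.conf is applied by pam_limits at PAM login time, so a daemon started directly by init does not pick it up; that is why the wrapper sets ulimit itself.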
In RedHat / CentOS, the file /etc/security/limits.conf describes the per-user limits. So if you are running out of file descriptors for a particular user (eg your apache "nobody" user), you can add a line to the end of that file (by default it's empty). Increasing this from 4096 to 32768 solved a problem for us on a ColdFusion 10 / apache 2.2 / RedHat server.