Debian 8.0, pam 1.1.8-3.1, sshd 1:6.7p1-5.
I'm trying to permanently increase the maximum number of open files.
In /etc/pam.d/ I've got:
/etc/pam.d# grep pam_limits.so *
atd:session required pam_limits.so
common-session:session required pam_limits.so
common-session-noninteractive:session required pam_limits.so
cron:session required pam_limits.so
login:session required pam_limits.so
runuser:session required pam_limits.so
sshd:session required pam_limits.so
su:session required pam_limits.so
In /etc/security/limits.conf:
* hard nofile 20000500
* soft nofile 20000500
In /etc/ssh/sshd_config:
UsePAM yes
In /etc/sysctl.conf:
fs.file-max = 20000500
I've rebooted the OS and what I'm seeing in /var/log/auth.log is:
sshd[807]: pam_limits(sshd:session): Could not set limit for 'nofile' to soft=20000500, hard=20000500: Operation not permitted; uid=0,euid=0
Same thing trying to do ulimit -Hn 20000500 as root:
bash: ulimit: open files: cannot modify limit: Operation not permitted
Using trial-and-error, I've found the maximum number I can give ulimit -Hn without failing: 1048576. Why exactly this number and where does it come from?
P.S. When it says "operation not permitted", how do I know who decides? I assume the code within pam_limits.so is trying to set the limits, but who does actually refuse? Is it the PAM system which possibly takes over the whole security system in the OS?
