You should probably check the highest voted answer ServerFault SE where are the default ulimit values set? (linux, centos)
.
UPDATE:
As suggested, copy/pasting the information from the other site:
These "default" limits are applied by:
- the Linux kernel at boot time (to the
init
process),
- inheritance, from the parent process' limits (at
fork(2)
time),
- PAM when the user session is opened (can replace kernel/inherited values),
- the process itself (can replace PAM & kernel/inherited values, see
setrlimit(2)
).
Normal users' processes cannot rise hard limits.
The Linux kernel
At boot time, Linux sets default limits to the init
process, which are then inherited by all the other (children) processes. To see this limit: grep process /proc/1/limits
.
For example, the kernel default for maximum number of file descriptors (ulimit -n
) was 1024/1024 (soft, hard), and has been raised to 1024/4096 in Linux 2.6.39.
The default maximum number of processes you're talking about is limited to approximately:
Total RAM in kB / 128
for x86 architectures (at least), but distributions sometimes change default kernel values, so check your kernel source code for kernel/fork.c
, fork_init()
. The "number of processes" limit is called RLIMIT_NPROC there.
PAM
Usually, to ensure user authentification at login, PAM is used along with some modules (see /etc/pam.d/login
).
On Debian, the PAM module responsible for setting limits is here : /lib/security/pam_limits.so
.
This library will read its configuration from limits.conf
and limits.d/*.conf
, but even if those files are empty, pam_limits.so might use hardcoded values that you can check within the source code.
For example, on Debian, the library has been patched so that by default, the maximum number of processes (nproc
) is unlimited, and the maximum number of files (nofile
) is 1024/1024:
case RLIMIT_NOFILE:
pl->limits[i].limit.rlim_cur = 1024;
pl->limits[i].limit.rlim_max = 1024;
So, check your CentOS' PAM module source code (look for RLIMIT_NPROC).
However, please note that many processes will not go through PAM (usually, if they are not launched by a logged in user, like daemons and maybe cron jobs).
Changes made by ulimit
will apply only to the current processes. If you need to make them permanent, you must edit /etc/security/limits.conf
About your 3rd question .. it depends what you run on your server, for certain applications you might need a higher number.
ulimit -n
sets soft limit, ulimit -Hn
sets hard limit.
Best Answer
No but you should close all active sessions windows. They still remember the old values. In other words, log out and back in. Every remote new session or a local secure shell take effect of the limits changes.