The error might occurs due to many reasons.
First of all, Use the following command command to display maximum number of open file descriptors:
$ cat /proc/sys/fs/file-max
Let's pretend the output was 4096, what does it mean? It means, 4096 files a normal user can have open in single login session, you can also display it by checking its Hard and Soft limits by using the commands as follows:
$ ulimit -Hn
$ ulimit -Sn
The number of concurrently open file descriptors throughout the system can be changed by editing /etc/sysctl.conf
. You can increase the maximum number of open files by setting system-wide file descriptors limits as a new value in kernel variable in /proc/sys/fs/file-max
as follows:
$ sysctl -w fs.file-max=200000 #it forces the limit to 200000 files
Then you should edit /etc/sysctl.conf
file so that after reboot the setting will remain as you wished. To do so, add the following lines:
$ fs.file-max = 200000
No need to log out and log back in again, just type:
$ sysctl -p
Then you can verify changes by:
$ cat /proc/sys/fs/file-max
OR
$ sysctl fs.file-max
Then for changing Soft and Hard limits for users, it's better to login as root since a normal user can only change its Soft limit, Hard limits are managed by root. As You've mentioned, for doing it as root you should change User Level File-Discriptor (FD) in /etc/security/limits.conf
. For instance if it's for Oracle user:
oracle soft nofile 4096
oracle hard nofile 63536
For seeing the changes, you do not need to reboot, just reloging via sudo -i
and check if it works or not, so you can make sure what the problem is.
And for users without login, you should do the following as root:
$ sudo -i -u <user>
BTW, you may be in need of editing /etc/pam.d/login file and add the following line:
$ session required pam_limits.so
pam_limit.so
in /etc/pam.d/login means at login time but no on sudo while /etc/pam.d/sudo
limits will also be applied when running sudo without "-i", you may also need apply the above changes in /etc/pam.d/system-auth depending on your needs. I recommend you read about PAM modules.
BTW, for instant applying limits to currently running processes you should do the following additionally to changing /etc/security/limits.conf
:
$ prlimit
I recommend you read this article from RedHat, since you may face with:
On some Linux systems setting "hard" and "soft" limits in the
following examples might not work properly when you log in as user
oracle via SSH. It might work if you log in as root and su to oracle.
If you have this problem try to set UsePrivilegeSeparation to "no" in
/etc/ssh/sshd_config and restart the SSH daemon by executing service
sshd restart. The privilege separation does not work properly with PAM
on some Linux systems. Make sure to talk to the people in charge of
security before disabling the SSH security feature "Privilege
Separation".
I hope I could help. Good luck.
I suspect the main reason for the limit is to avoid excess memory consumption (each open file descriptor uses kernel memory). It also serves as a safeguard against buggy applications leaking file descriptors and consuming system resources.
But given how absurdly much RAM modern systems have compared to systems 10 years ago, I think the defaults today are quite low.
In 2011 the default hard limit for file descriptors on Linux was increased from 1024 to 4096.
Some software (e.g. MongoDB) uses many more file descriptors than the default limit. The MongoDB folks recommend raising this limit to 64,000. I've used an rlimit_nofile
of 300,000 for certain applications.
As long as you keep the soft limit at the default (1024), it's probably fairly safe to increase the hard limit. Programs have to call setrlimit()
in order to raise their limit above the soft limit, and are still capped by the hard limit.
See also some related questions:
Best Answer
The problem here is that the GUI (and gnome-terminal) are started by
systemd --user
, which does not read from/etc/security/limits.conf
. Instead, you should edit/etc/systemd/user.conf
and/etc/systemd/system.conf
for the soft and hard limits, respectively, by appending e.g.This same question has come up a few times on the StackExchange network; see e.g. this question for further discussion.
There are also bug reports for the issue, both for Ubuntu and Fedora.