I'm currently facing a problem on a linux box where as root I have commands returning error because inotify watch limit has been reached.
# tail -f /var/log/messages
[...]
tail: cannot watch '/var/log/messages': No space left on device
# inotifywatch -v /var/log/messages
Establishing watches...
Failed to watch /var/log/messages; upper limit on inotify watches reached!
Please increase the amount of inotify watches allowed per user via '/proc/sys/fs/inotify/max_user_watches'.`
I googled a bit and every solution I found is to increase the limit with:
sudo sysctl fs.inotify.max_user_watches=<some random high number>
But I was unable to find any information of the consequences of raising that value. I guess the default kernel value was set for a reason but it seems to be inadequate for particular usages. (e.g., when using Dropbox with a large number of folder, or software that monitors a lot of files)
So here are my questions:
- Is it safe to raise that value and what would be the consequences of a too high value?
- Is there a way to find out what are the currently set watches and which process set them to be able to determine if the reached limit is not caused by a faulty software?
Best Answer
Is it safe to raise that value and what would be the consequences of a too high value?
Yes, it's safe to raise that value and below are the possible costs [source]:
To check the max number of inotify watches:
To set max number of inotify watches
Temporarily:
sudo sysctl fs.inotify.max_user_watches=
with your preferred value at the end.Permanently (more detailed info):
fs.inotify.max_user_watches=524288
into your sysctl settings. Depending on your system they might be in one of the following places:/etc/sysctl.conf
/etc/sysctl.d/
, e.g./etc/sysctl.d/40-max-user-watches.conf
sysctl -p
(Debian/RedHat) orsysctl --system
(Arch)Check to see if the max number of inotify watches have been reached:
Use
tail
with the-f
(follow) option on any old file, e.g.tail -f /var/log/dmesg
: - If all is well, it will show the last 10 lines and pause; abort with Ctrl-C - If you are out of watches, it will fail with this somewhat cryptic error:To see what's using up inotify watches
The first column indicates the number of inotify fds (not the number of watches though) and the second shows the PID of that process [sources: 1, 2].