If /etc/security/limits.conf has not been edited or changed, there are nothing but comments. However 'cat /proc/self/limits' shows there are some limits in effect. Are these compiled into the kernel? If no where does the system get the initial default limits in an unmodified environment?
[~]$ cat /proc/self/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 10485760 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 1024 60413 processes
Max open files 1024 4096 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 60413 60413 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Best Answer
You should probably check the highest voted answer ServerFault SE where are the default ulimit values set? (linux, centos) .
UPDATE: As suggested, copy/pasting the information from the other site:
These "default" limits are applied by:
init
process),fork(2)
time),setrlimit(2)
).Normal users' processes cannot rise hard limits.
The Linux kernel
At boot time, Linux sets default limits to the
init
process, which are then inherited by all the other (children) processes. To see this limit:grep process /proc/1/limits
.For example, the kernel default for maximum number of file descriptors (
ulimit -n
) was 1024/1024 (soft, hard), and has been raised to 1024/4096 in Linux 2.6.39.The default maximum number of processes you're talking about is limited to approximately:
for x86 architectures (at least), but distributions sometimes change default kernel values, so check your kernel source code for
kernel/fork.c
,fork_init()
. The "number of processes" limit is called RLIMIT_NPROC there.PAM
Usually, to ensure user authentification at login, PAM is used along with some modules (see
/etc/pam.d/login
).On Debian, the PAM module responsible for setting limits is here :
/lib/security/pam_limits.so
.This library will read its configuration from
limits.conf
andlimits.d/*.conf
, but even if those files are empty, pam_limits.so might use hardcoded values that you can check within the source code.For example, on Debian, the library has been patched so that by default, the maximum number of processes (
nproc
) is unlimited, and the maximum number of files (nofile
) is 1024/1024:So, check your CentOS' PAM module source code (look for RLIMIT_NPROC).
However, please note that many processes will not go through PAM (usually, if they are not launched by a logged in user, like daemons and maybe cron jobs).