RHEL7中nproc的取值来源于 20-nproc.conf文件

最新推荐文章于 2024-12-31 13:39:14 发布
原创 最新推荐文章于 2024-12-31 13:39:14 发布 · 8.5k 阅读 · 2 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文介绍如何在Red Hat Enterprise Linux Server 7.4上为用户设置默认的进程数量限制,防止意外的fork bomb攻击。通过编辑/etc/security/limits.conf及limits.d/20-nproc.conf文件,管理员可以设置软硬限制来控制用户可以创建的最大进程数。 
[root@pgserver ~]# su - postgres
Last login: Mon Aug  7 09:44:30 EDT 2017 on pts/0
[postgres@pgserver ~]$ ulimit -u
4096
[postgres@pgserver ~]$ cat /etc/security/limits.
limits.conf  limits.d/    
[postgres@pgserver ~]$ cat /etc/security/limits.conf 
# /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Also note that configuration files in /etc/security/limits.d directory,
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#That means for example that setting a limit for wildcard domain here
#can be overriden with a wildcard setting in a config file in the
#subdirectory, but a user specific setting here can be overriden only
#with a user specific setting in the subdirectory.
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - a user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open file descriptors
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4

# End of file
[postgres@pgserver ~]$ ulimit -u
4096
[postgres@pgserver ~]$ cat /etc/security/limits.d/20-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     4096
root       soft    nproc     unlimited
[postgres@pgserver ~]$ cd/etc/security/limits.d/
-bash: cd/etc/security/limits.d/: No such file or directory
[postgres@pgserver ~]$ cd/etc/security/limits.d/
-bash: cd/etc/security/limits.d/: No such file or directory
[postgres@pgserver ~]$ cd /etc/security/limits.d/
[postgres@pgserver limits.d]$ ls -lrt
total 4
-rw-r--r--. 1 root root 191 Jul 19  2016 20-nproc.conf
[postgres@pgserver limits.d]$ cat 20-nproc.conf 
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     4096
root       soft    nproc     unlimited
[postgres@pgserver limits.d]$ ll
total 4
-rw-r--r--. 1 root root 191 Jul 19  2016 20-nproc.conf
[postgres@pgserver limits.d]$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.4 (Maipo)
[postgres@pgserver limits.d]$ uname -a
Linux pgserver 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
[postgres@pgserver limits.d]$


参考文章:
How to set or change the default soft or hard limit for the number of user's processes?
https://access.redhat.com/solutions/406663

msdnchina
关注
【OpenHarmony4.1 之 U-Boot 2024.07源码深度解析】006 - Makefile 编译脚本 逐行深度解析
|~~~热爱生活、努力学习的小伙汁~~~|
06-15 1632
【OpenHarmony4.1 之 U-Boot 2024.07源码深度解析】006 - Makefile 编译脚本 逐行深度解析
故障分析:从Oracle数据库故障到Linux nproc算法
Enmotech的博客
02-25 419
墨墨导读:本文来自墨天轮用户“你好我是李白”的投稿,使用root用户切换grid用户时报错-bash: fork: retry: Resource temporarily unava,这里...
虚拟机内核参数永久生效配置
qq_44619675的博客
07-21 2726
修改虚拟机最大打开文件数、最大进程数等并永久生效
阿里云ecs /etc/security/limits.d/20-nproc.conf参数优化
u010674101的专栏
08-12 3192
阿里云ecs昨天无法使用jumpserver登录deploy用户,其他用户却可以登录。比如可以正常登录root,然后我su - deploy 账号,无法正常切换,直接报错提示:failed to execute /bin/bash: Resource temporarily unavailable.jumpserver连接deploy账号直接提示:ssh: could not start shell。这个一个安全性的问题,避免普通用户使用太多的进程。更改所有用户的进程数量为8192.......
linux修改进程打开文件数限制
黑暗遊侠
03-31 1241
有几种方法,但效果各不相同。 1.修改/etc/security/limits.conf 添加如下两行 * soft nofile 65536 * hard nofile 65536 这种方法仅对当前配置有限,重启系统后就失效了。 2.在/etc/rc.local中添加 ulimit -SHn 65536 可以保证重启系统仍然生效。 注:直接ul...
[root@iZbp1avc1olq9krqsni6tuZ postgres]# sudo yum install -y postgis35_15 Last metadata expiration check: 2:13:26 ago on Mon 23 Jun 2025 11:07:10 AM CST. Error: Problem: cannot install the best candidate for the job - nothing provides geos313 >= 3.13.0 needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides gdal310-libs >= 3.10.0 needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides proj95 >= 9.5.1 needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libjson-c.so.5()(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libgeos_c.so.1()(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libproj.so.25()(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libstdc++.so.6(GLIBCXX_3.4.29)(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libjson-c.so.5(JSONC_0.14)(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides hdf5 needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libSFCGAL.so.2()(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides xerces-c needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libgeotiff17 needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 - nothing provides libgdal.so.36()(64bit) needed by postgis35_15-3.5.2-1PGDG.rhel9.x86_64 from pgdg15 (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
最新发布
06-24
echo "/usr/local/lib" | sudo tee /etc/ld.so.conf.d/local.conf sudo ldconfig # 验证路径 ldconfig -p | grep -E 'geos|proj|gdal' ``` --- #### **4. 编译安装 PostGIS 3.5.2** ```bash wget ...
Error: Problem: package ffmpeg-devel-4.2.10-1.el8.x86_64 requires libavdevice.so.58()(64bit), but none of the providers can be installed - package ffmpeg-devel-4.2.10-1.el8.x86_64 requires libavdevice(x86-64) = 4.2.10-1.el8, but none of the providers can be installed - conflicting requests - nothing provides libGL.so.1()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libpulse.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libpulse.so.0(PULSE_0)(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libjack.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libcdio_cdda.so.2()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libcdio_paranoia.so.2()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libdrm.so.2()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libSDL2-2.0.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libxcb.so.1()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libv4l2.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libxcb-shm.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libxcb-shape.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libxcb-xfixes.so.0()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 - nothing provides libopenal.so.1()(64bit) needed by libavdevice-4.2.10-1.el8.x86_64 (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
06-11
2.在CentOS/RHEL系统中,如何使用dnf解决依赖问题?3.如何安全地升级系统中已安装的ffmpeg版本? ### 问题分析 在安装`ffmpeg-devel-4.2.10-1.el8.x86_64`时出现`libavdevice.so.58`依赖缺失,原因可能有: 1. 依赖...
Error: Package: postgresql15-15.12-1PGDG.rhel7.x86_64 (pgdg15) Requires: libzstd >= 1.4.0 Error: Package: postgresql15-server-15.12-1PGDG.rhel7.x86_64 (pgdg15) Requires: libzstd.so.1()(64bit) Error: Package: postgresql15-15.12-1PGDG.rhel7.x86_64 (pgdg15) Requires: libzstd.so.1()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
03-15
用户提供的错误信息显示,postgresql15-15.12-1PGDG.rhel7.x86_64和postgresql15-server-15.12-1PGDG.rhel7.x86_64都需要libzstd >= 1.4.0以及对应的库文件libzstd.so.1()(64bit)。 首先,我应该回忆一下CentOS 7...
Linux中的 /etc/security/limits.conf 文件
huaz_md的博客
12-31 1040
文件是 Linux 系统中用于设置用户级别资源限制的配置文件。该文件属于 PAM(Pluggable Authentication Modules,可插拔认证模块)的一部分,用于控制在系统上运行的进程可以使用的资源量,如 CPU 时间、内存大小、打开的文件数量等。
/etc/security/limits.conf 详解与配置
yywCode的博客
10-08 4278
/etc/security/limits.conf 文件实际是 Linux PAM(插入式认证模块,Pluggable Authentication Modules)中 pam_limits.so 的配置文件
linux参数调优
qq_36223335的博客
12-11 1938
linux参数调 ulimit -a 临时修改文件句柄数(退出shell将重置) ulimit -n 65535 永久修改文件句柄数 使用root账号 vi /etc/security/limits.conf 末尾新增以下内容 * soft nofile 65535 * hard nofile 65535 * soft nproc 65535 * hard nproc 65535 修改用户可用最大进程数 使用root账号 vi /etc/security/limits.d/20-npro.
[nginx]-centos nginx 系统调优
爷来辣的博客
08-15 1967
Centos nginx 系统调优 目的:在不修改nginx配置文件的前提下 修改nginx系统配置而达到调优的效果 修改nproc.conf 用户进程数的限制 Centos6.4 /etc/security/limits.d/90-nproc.conf Centos7 /etc/security/limits.d/20-nproc.conf 将非root用户的连接数...
记一次 Centos 修改文件最大打开数
一花一世界
04-19 1274
QQ交流群:64655993 希望能对您有所帮助!!! 说明:系统: Centos7.* 1、修改limits.conf文件 [root@localhost ~]# vim /etc/security/limits.conf * soft nofile 204800 * hard nofile 204800 * soft nproc 204800 * hard nproc 20...
性能调优
imilli的博客
10-08 359
linux内核优化: /etc/security/limits.conf * hard nofile 391316 * soft nofile 391316 * nproc soft nproc 391316 * hard nproc 391316 vi /etc/sysctl.conf net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeou...
配置limits.conf,ssh连接不生效问题
zhuangzi123456的博客
10-14 2414
一、环境: 操作系统版本:CentOS Linux release 7.3.1611 (Core) 背景:ssh做了源码编译升级,升级之后的版本为7.5p1 二、现象: 修改了/etc/security/limits.conf配置后,通过console控制台登录生效,但是通过ssh连接过去就是不生效; 三、配置如下: * soft nproc 65535 * hard nproc 6...
RedHat 7.4 安装 Oracle 19c RAC
JiekeXu的博客
11-03 1509
RedHat 7.4 安装 Oracle 19c RAC 一、主机环境以及配置 1.1 Oracle 软硬件要求 1.2 ASM磁盘组规划 1.3 主机网络规划 1.4 操作系统配置部分 二、Grid集群软件安装部分 三、Oracle DataBase软件安装 四、DBCA创建实例 一、主机环境以及配置 虚拟主机环境 RAC主机名:rac1、rac2 CPU:Intel® Xeon® CPU E5-2670 v2 @ 2.50GHz 4core 内存:32G 操作环境: RHEL .
linux limits.conf文件和最大进程数配置
DellsWeiner的博客
07-20 1314
值(Value): 值指定了对应项目的具体限制值。文件格式: 文件中的每行配置一个限制规则,每行由四个字段组成,依次是:域、类型,项和值。域(Domain): 域指定了限制应用的对象,可以是用户(用户名或用户组)或进程(@进程组名)。hard:指定硬限制,是真正的限制阈值,超过该限制时会被强制限制。域(Domain): 域指定了限制应用的对象,可以是用户(用户名或用户组)。用户名:指定单个用户,例如:john。类型(Type): 类型指定了资源限制的类型。类型(Type): 类型指定了资源限制的类型。
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值