Bugzilla – Bug 147983
Release Notes: Suggested ulimit text
Last modified: 2006-02-07 17:11:59 UTC
In SUSE Linux 10.1, the package ulimit has been added to the default selection. It makes init start every process via /etc/initscript which sets resource limits, also called ulimits. These limits are inherited and thus apply globally.

The ulimits can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the system defaults:

(i) SOFTVIRTUALLIMIT=80
This limits a single process to not allocate more than 80% of the available virtual memory (RAM+swap).

(ii) SOFTRESIDENTLIMIT=85
This limits a single process to not occupy more than 85% of your physical memory (RAM).

As they are soft limits they can be overridden with the ulimit command by a user. Hard limits could only be overridden by root.

The defaults have been chosen conservatively to avoid breaking large processes that have worked before. The limits do provide a moderately effective way to protect the system from becoming unusably slow by single processes that allocate excessive amounts of memory. The limits make the system kill the process before the Out-Of-Memory killer in the kernel would hit and thus make the system recover more quickly.

If there are no legitimate processes with huge memory consumption, it is advisable to set the limits lower to provide more effective protection against runaway processes.

Note that the limits are per process and thus not an effective protection against malicious users (unless you set hard limits for the amount of processes per user such that the product of it and the allowed per process memory usage is below the capacity of your system). The limits are meant to protect against accidental excessive memory usage.

If you want to configure different limits depending on the user, this can be achieved by using the pam_limits functionality and configuring /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel; the limits configured in limits.conf do override the global defaults from the ulimit package then.
This is too long. Karl, can you summarize somehow? Otherwise ok for me.
Thanks! I'll try to shorten it (and re-use the text for the SLES Admin Manual).
Please check whether it is short enough and still accurate:

Technical ulimit Settings

The ulimit settings can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the kernel defaults:

* SOFTVIRTUALLIMIT=80 limits a single process that it does not allocate more than 80% of the available virtual memory (RAM and swap).
* SOFTRESIDENTLIMIT=85 limits a single process that it does not occupy more than 85% of the physical memory (RAM).

These soft limits can be overridden with the ulimit command by the user. Hard limits could only be overridden by root.

The values have been chosen conservatively to avoid breaking large processes that have worked before. If there are no legitimate processes with huge memory consumption, set the limits lower to provide more effective protection against run-away processes. The limits are per process and thus not an effective protection against malicious users. The limits are meant to protect against accidental excessive memory usage.

To configure different limits depending on the user, use the pam_limits functionality and configure /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel; the limits configured in limits.conf override the global defaults from the ulimit package.
Fine with me.
Thanks, submitted to /work, probably for beta4.
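
The per-process caveat discussed in this report, worked through as an added example (not part of the bug report or of the ulimit package): it converts a percentage into a kB limit and sizes a hard per-user process cap so that the product stays within RAM plus swap, then prints matching `limits.conf` lines. The `@users` group and the memory figures are constructed assumptions; `as` and `nproc` are the pam_limits item names for address space (kB) and process count.

```shell
#!/bin/sh
# Added example: size hard pam_limits entries so that
#   nproc * per-process address-space limit <= RAM + swap.

# Constructed sample in /proc/meminfo format (values in kB).
SAMPLE_MEMINFO='MemTotal:        2097152 kB
MemFree:          524288 kB
SwapTotal:       1048576 kB'

# meminfo_kb FIELD [TEXT]: print the kB value of FIELD (default: the sample).
meminfo_kb() {
    printf '%s\n' "${2:-$SAMPLE_MEMINFO}" | awk -v f="$1:" '$1 == f { print $2 }'
}

# pct_of PCT TOTAL_KB: integer percentage of a kB total, as in
# SOFTVIRTUALLIMIT=80 (of RAM+swap) or SOFTRESIDENTLIMIT=85 (of RAM).
pct_of() { echo $(( $2 * $1 / 100 )); }

# max_nproc CAPACITY_KB PER_PROC_KB: largest process count whose combined
# worst-case allocation still fits into CAPACITY_KB.
max_nproc() { echo $(( $1 / $2 )); }

# limits_conf DOMAIN PER_PROC_PCT [TEXT]: emit hard limits for limits.conf.
# The body runs in a subshell so its variables stay local.
limits_conf() (
    ram=$(meminfo_kb MemTotal "$3")
    swap=$(meminfo_kb SwapTotal "$3")
    cap=$(( ram + swap ))
    as_kb=$(pct_of "$2" "$cap")
    printf '%s hard as %s\n' "$1" "$as_kb"
    printf '%s hard nproc %s\n' "$1" "$(max_nproc "$cap" "$as_kb")"
)

# At the default 80% a single process already uses up the budget, so the
# bound only holds with nproc 1; that is why the defaults do not stop a
# user who starts many processes.
echo "# 80% per process:"
limits_conf @users 80
# A lower per-process share leaves room for a usable process count.
echo "# 10% per process:"
limits_conf @users 10
```

To use real figures, pass the contents of /proc/meminfo as the third argument: `limits_conf @users 10 "$(cat /proc/meminfo)"`.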