206

Do changes in /etc/security/limits.conf require a reboot before taking effect?

For example, if I have a script that sets the following limits in /etc/security/limits.conf, does this require a system reboot before those limits will take effect?

* hard nofile 94000
* soft nofile 94000
* hard nproc 64000
* soft nproc 64000
Alexej Magura
  • 4,466
  • 7
  • 26
  • 39

5 Answers5

162

No but you should close all active sessions windows. They still remember the old values. In other words, log out and back in. Every remote new session or a local secure shell take effect of the limits changes.

Slyx
  • 3,885
  • 25
    What if I want to set the limits for a user that doesn't have a login, like if I want to set the nofile limit to 94000 for the mongodb user? How'd I do that without a reboot? Would I just need to restart the mongodb service? – Alexej Magura Jan 09 '14 at 19:35
  • 4
    @AlexejMagura You can modify the the rlimits of running processes with the prlimit command. – Bratchley Jan 09 '14 at 23:46
  • 8
    @Gilles, thanks for the precisions, I edited my answer to to avoid ambiguity. However Starting a new service using sudo service mongodb restart is enough to let the service running with the new limit values. – Slyx Jan 10 '14 at 15:01
  • 9
    if you are using Ubuntu, and mongodb is started by upstart, then changing these limits will not affect mongodb. As upstart does not read /etc/security config https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/938669 you must set limit stanza in its upstart config file. – HVNSweeting Jan 19 '15 at 03:22
  • 6
    It's another issue. upstart by design ignores the limits set in /etc/security/limits.conf. – Slyx Jan 20 '15 at 11:00
55

Apply the changes directly to a running process if you have prlimit installed (comes with util-linux-2.21)

prlimit --pid <pid> --<limit>=<soft>:<hard>

for example

prlimit --pid 12345 --nofile=1024:2048

Refer here

Ram
  • 1,041
  • If you aren't root, you are still bound by the settings in limits.conf, so the original question still comes into play (if you are relying on a modification to the hard limit, for example). – Gregg Leventhal May 18 '23 at 17:34
31

To temporarily set the open files limit for the user you are currently logged in under (e.g. 'root'):You can also use the ulimit command to change the values in your current shell. However, hard limits can only be adjusted downwards unless you're root.

Example:

# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 62449
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

To change the nofile to 94000 you can do:

ulimit -n 94000
Boogy
  • 886
  • 1
    I was successfully able to change nofile limit for root with this command, but what if I want to do so from the root for a regular user? What would be my approach then? – Igor Tiulkanov Nov 30 '21 at 16:08
24

Limits are inherited from a parent process to its child processes. Processes running as root can change limits arbitrarily; other processes cannot increase hard limits. Thus the hard limits set by the login process affect all the processes in a session.

If you change /etc/security/limits.conf, this will affect all new sessions, and processes in these new sessions. It won't affect processes that are already running, nor processes started by processes that are already running.

So if you need to increase some limits, you'll have to either log out and back in, or start another session (e.g. with ssh localhost, or on another console).

7

To quote @Tombart's answer

These limits will be applied after reboot.

If you want to apply changes without reboot, modify /etc/pam.d/common-session by adding this line at the end of file:

session required pam_limits.so
serv-inc
  • 650
  • This answer is incorrect. New limits configurations are applied for new sessions, by default. See also e.g. Gilles answer. – maxschlepzig Mar 27 '21 at 21:56