
CentOS 文件描述符资源限制

一、系统范围 system-wide FD (file-descriptor) limits
[ENFILE] Too many files open in system.
# define ENFILE 23 /* File table overflow */
ENFILE is too many files opened in the entire system.
cat /proc/sys/fs/file-max
cat /proc/sys/fs/file-nr
Sysctl is a tool which provides easy configuration of these kernel parameters.
[root@centos6.9 ~]# sysctl -a|grep file
fs.file-nr = 576 0 97761
fs.file-max = 97761
[root@centos7.2~]# sysctl -a|grep file
fs.file-max = 99148
fs.file-nr = 896 0 99148
fs.xfs.filestream_centisecs = 3000
The three values in fs.file-nr are, in order:
the number of allocated file handles (i.e., the number of files presently opened);
the number of free file handles;
and the maximum number of file handles (the same value as fs.file-max).
[root@centos6.9 ~]# vi /etc/sysctl.conf
fs.file-max = 100000
[root@centos6.9 ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 100000
[root@centos6.9 ~]# cat /proc/sys/fs/file-max
[root@centos6.9 ~]# echo "200000">/proc/sys/fs/file-max
注:直接写入 /proc/sys/fs/file-max 只对当前运行的内核生效,重启后失效;要持久化需写入 sysctl 配置文件。
[root@centos7.2~]#cat /usr/lib/sysctl.d/00-system.conf
# Kernel sysctl configuration file
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
fs.file-max = 100000
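[root@centos7.2~]# sysctl -p
注:sysctl -p 不带文件参数时只读取 /etc/sysctl.conf;/usr/lib/sysctl.d/ 下的文件需用 sysctl --system 加载。另外,按 CentOS 7 的 /etc/sysctl.conf 文件头说明,自定义设置应写在 /etc/sysctl.conf 或 /etc/sysctl.d/<name>.conf 中,而不是直接修改 /usr/lib/sysctl.d/00-system.conf。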
[root@centos7.2~]# cat /proc/sys/fs/file-max
[root@centos6.9 ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Use '/sbin/sysctl -a' to list all possible parameters.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
[root@centos7.2~]# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@centos7.2~]#cat /usr/lib/sysctl.d/00-system.conf
# Kernel sysctl configuration file
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
[root@centos7.2 ~]# man sysctl
二、进程范围 process-specific
[EMFILE] Too many open files.
# define EMFILE 24 /* Too many open files */
EMFILE is too many files opened in your process. 
[root@centos6.9 ~]# ulimit -n
[root@centos6.9 ~]# ulimit -Hn
[root@centos6.9 ~]# ulimit -Sn
[root@centos7.2 ~]# ulimit -n
[root@centos7.2 ~]# ulimit -Hn
[root@centos7.2 ~]# ulimit -Sn
cat /proc/<pid>/limits 
ls -lh /proc/<pid>/fd
ls -lh /proc/<pid>/fd|wc -l
[root@centos6.9 ~]# ps -ef|grep nginx
root 1459 1 0 00:52 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nginx 1461 1459 0 00:52 ? 00:00:00 nginx: worker process
root 1743 1533 0 03:03 pts/0 00:00:00 grep nginx
[root@centos6.9 ~]# cat /proc/1459/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 10485760 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3873 3873 processes
Max open files 1024 4096 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3873 3873 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
[root@centos6.9 ~]# ls -lh /proc/1459/fd
total 0
lrwx------. 1 root root 64 Jul 20 02:57 0 -> /dev/null
lrwx------. 1 root root 64 Jul 20 02:57 1 -> /dev/null
l-wx------. 1 root root 64 Jul 20 02:57 2 -> /usr/local/nginx/logs/error.log
lrwx------. 1 root root 64 Jul 20 02:57 3 -> socket:[12618]
l-wx------. 1 root root 64 Jul 20 02:57 4 -> /usr/local/nginx/logs/access.log
l-wx------. 1 root root 64 Jul 20 02:57 5 -> /usr/local/nginx/logs/error.log
lrwx------. 1 root root 64 Jul 20 02:57 6 -> socket:[12615]
lrwx------. 1 root root 64 Jul 20 02:57 7 -> socket:[12619]
[root@centos6-clean sbin]# ls -lh /proc/1461/fd
total 0
lrwx------. 1 nginx nginx 64 Jul 20 02:57 0 -> /dev/null
lrwx------. 1 nginx nginx 64 Jul 20 02:57 1 -> /dev/null
l-wx------. 1 nginx nginx 64 Jul 20 02:57 2 -> /usr/local/nginx/logs/error.log
l-wx------. 1 nginx nginx 64 Jul 20 02:57 4 -> /usr/local/nginx/logs/access.log
l-wx------. 1 nginx nginx 64 Jul 20 02:57 5 -> /usr/local/nginx/logs/error.log
lrwx------. 1 nginx nginx 64 Jul 20 02:57 6 -> socket:[12615]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 7 -> socket:[12619]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 8 -> [eventpoll]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 9 -> [eventfd]
Soft vs. Hard limits
Soft limits are the current setting for a particular limit. They can be increased only to the current hard limit setting.
Hard limits are the maximum limit that can be configured. Any changes to these require root access.
Soft limits can be set by any user (up to the current hard limit), while hard limits can be raised only by root.
ulimit的作用是,显示或修改“当前shell”的resource limits,或者在当前shell中启动的进程的resource limits。
>> 只对当前tty(终端)有效,若要每次都生效的话,可以把ulimit参数放到对应用户的.bash_profile里面;如果放到/etc/profile,针对所有用户有效。
>> ulimit命令本身就有分软硬设置,加-H就是硬,加-S就是软;
软限制可以在任何时候由任何进程设置(不能超过硬限制),但硬限制只能由超级用户提高。
>> 默认显示的是软限制;如果运行ulimit命令修改的时候没有加上 -H 或 -S 的话,就是软、硬两个限制一起改变生效;
[root@centos6.9 ~]# ulimit -n 2048
[root@centos6.9 ~]# ulimit -Hn
[root@centos6.9 ~]# ulimit -Sn
[root@centos6-clean ~]# vi /etc/profile
unset -f pathmunge
ulimit -n 8192
"/etc/profile" 79L, 1857C written
[root@centos6.9 ~]# source /etc/profile
[root@centos6.9 ~]# ulimit -Hn
[root@centos6.9 ~]# ulimit -Sn
(2)通过Linux PAM的配置文件进行调整。
nofile - max number of open file descriptors
nproc - max number of processes 要分清楚
The limits.conf file is used to store limit-related configuration. It is located at /etc/security/limits.conf. There is also the /etc/security/limits.d directory, which can hold multiple configuration files.
[root@centos6.9 ~]# vi /etc/security/limits.conf
[root@centos6.9 ~]# vi /etc/security/limits.d/91-nofile.conf
* - nofile 8192
[root@centos6.9 ~]# ulimit -Hn
[root@centos6.9 ~]# ulimit -Sn
[root@centos7.2 ~]# vi /etc/security/limits.conf
[root@centos7.2 ~]# vi /etc/security/limits.d/21-nofile.conf
* - nofile 10240
21-nofile.conf 会覆盖limits.conf的设置
[root@centos7.2 ~]# ulimit -Hn
[root@centos7.2 ~]# ulimit -Sn
* soft nofile 4096
* hard nofile 4096
roy soft nofile 8192
roy hard nofile 8192
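注:limits.conf 只对通过 PAM 登录的用户会话生效,不影响 systemd 启动的系统服务(见下文 CentOS 7 limits.conf 文件头的说明),因此服务的限制需要在 unit 中用 LimitNOFILE 设置。直接修改 /usr/lib/systemd/system/ 下的 unit 文件会在软件包升级时被覆盖,可改用下文的 /etc/systemd/system/nginx.service.d/ drop-in 方式。
[root@centos7.2 ~]# vi /usr/lib/systemd/system/nginx.service
[Service]
...
LimitNOFILE=10000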
[root@centos7.2 ~]# systemctl daemon-reload
Restart nginx:
[root@centos7.2 ~]# systemctl restart nginx.service
[root@localhost ~]# ps -ef|grep nginx
root 2269 1 0 00:22 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 2270 2269 0 00:22 ? 00:00:00 nginx: worker process
root 2274 2177 0 00:22 pts/0 00:00:00 grep --color=auto nginx
[root@localhost ~]# cat /proc/2269/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3899 3899 processes
Max open files 10000 10000 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3899 3899 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
$ mkdir -p /etc/systemd/system/nginx.service.d/
$ cat /etc/systemd/system/nginx.service.d/limits.conf
[Service]
LimitNOFILE=10000
$ systemctl daemon-reload
$ systemctl restart nginx
/etc/security/limits.conf和/etc/security/limits.d/*.conf 是Linux PAM的配置文件。
[root@centos6.9 ~]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#Each line describes a limit for a user in the form:
#<domain> <type> <item> <value>
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#<domain> <type> <item> <value>
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file
[root@centos7.2 ~]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#Also note that configuration files in /etc/security/limits.d directory,
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#That means for example that setting a limit for wildcard domain here
#can be overriden with a wildcard setting in a config file in the
#subdirectory, but a user specific setting here can be overriden only
#with a user specific setting in the subdirectory.
#Each line describes a limit for a user in the form:
#<domain> <type> <item> <value>
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#<domain> <type> <item> <value>
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file