Discussion:
The question about process limits in systemd
(too old to reply)
Firxiao zhang
2018-02-28 01:30:02 UTC
Permalink
Raw Message
Hi All.
I am confusing the relationship between "systemd" and
"/etc/security/limits.conf".
so far, I am migrating a service(init.d) script(centos6) to systemd
unit(centos7).
on centos6, I defined the user limits in "/etc/security/limits.conf". and
it worked well.
after I done the same thing on centos7. I found the limits was not taking
effect. so I googled this problem. it said I need define the limits in
systemd unit file. like: LimitNOFILE=xxx.
Here are my questions:
1. are the systemd limits and the system security limits individual?
2. if not. is there a way to make systemd read the system security limits
as default?

it would be appreciated for your help. thanks
Mantas Mikulėnas
2018-02-28 06:11:16 UTC
Permalink
Raw Message
Post by Firxiao zhang
Hi All.
I am confusing the relationship between "systemd" and
"/etc/security/limits.conf".
so far, I am migrating a service(init.d) script(centos6) to systemd
unit(centos7).
on centos6, I defined the user limits in "/etc/security/limits.conf". and
it worked well.
after I done the same thing on centos7. I found the limits was not taking
effect. so I googled this problem. it said I need define the limits in
systemd unit file. like: LimitNOFILE=xxx.
1. are the systemd limits and the system security limits individual?
They are completely separate. /etc/security/limits.conf is *only* read by
PAM (pam_limits.so), which basically means user login sessions (getty, ssh,
xdm...)

(Although it's possible for systemd to call PAM when starting a service, it
needs careful configuration and you shouldn't do it by default.)
Post by Firxiao zhang
2. if not. is there a way to make systemd read the system security limits
as default?
No. Limits for a service should be in its .service file.
--
Mantas Mikulėnas
Firxiao zhang
2018-02-28 06:43:25 UTC
Permalink
Raw Message
Hi Mantas Mikulėnas, Got it, thanks a lot.
Post by Mantas Mikulėnas
Post by Firxiao zhang
Hi All.
I am confusing the relationship between "systemd" and
"/etc/security/limits.conf".
so far, I am migrating a service(init.d) script(centos6) to systemd
unit(centos7).
on centos6, I defined the user limits in "/etc/security/limits.conf". and
it worked well.
after I done the same thing on centos7. I found the limits was not taking
effect. so I googled this problem. it said I need define the limits in
systemd unit file. like: LimitNOFILE=xxx.
1. are the systemd limits and the system security limits individual?
They are completely separate. /etc/security/limits.conf is *only* read by
PAM (pam_limits.so), which basically means user login sessions (getty, ssh,
xdm...)
(Although it's possible for systemd to call PAM when starting a service,
it needs careful configuration and you shouldn't do it by default.)
Post by Firxiao zhang
2. if not. is there a way to make systemd read the system security limits
as default?
No. Limits for a service should be in its .service file.
--
Mantas Mikulėnas
Loading...