Are limits.conf values applied on a per-process basis?

I’m tuning the nofile value in /etc/security/limits.conf for my oracle user and I have a question about its behavior: does nofile limit the total number of files the user can have open for all of its processes or does it limit the total number of files the user can have open for each of its processes?

Specifically, for the following usage:

oracle                  hard    nofile                  65536

Most of the values¹ in limits.conf are limits that can be set with the ulimit shell command or the setrlimit system call. They are properties of a process. The limits apply independently for each process. In particular, each process can have up to nofile open files. There is no limit to the number of open files cumulated by the processes of a user.

The nproc limit is a bit of a special case, in that it does sum over all the processes of a user. Nonetheless, it still applies per-process: when a process calls fork to create a new process, the call is denied if the number of processes belonging to the process’s euid is would be larger than the process’s RLIMIT_NPROC value.

The limits.conf man page explains that the limits apply to a session. This means that all the processes in a session will all have these same limits (unless changed by one of these processes). It doesn’t mean that any sum is done over the processes in a session (that’s not even something that the operating system tracks — there is a notion of session, but it’s finer-grained than that, for example each X11 application tends to end up in its own session). The way it works is that the login process sets itself some limits, and they are inherited by all child processes.

¹ The exceptions are maxlogins, maxsyslogins and chroot, which are applied as part of the login process to deny or influence login.

Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.