Tutoriale Online

Tutoriale Online Invata Online cum se face si cum este corect. Learn Online How Must To Do !

Online Tutoriale Setting Shell Limits for the Oracle User

Posted by ascultradio on September 3, 2009

Setting Shell Limits for the Oracle User :

Most shells like Bash provide control over various resources like the maximum allowable number of open file descriptors or the maximum number of processes available to a user.

To see all shell limits, run:

ulimit -a

For more information on ulimit for the Bash shell, see man bash and search for ulimit.

NOTE:
On some Linux systems setting “hard” and “soft” limits in the following examples might not work properly when you login as oracle via SSH. It might work if you log in as root and su to oracle. If you have this problem try to set UsePrivilegeSeparation to “no” in /etc/ssh/sshd_config and restart the SSH daemon by executing service sshd restart. The privilege separation does not work properly with PAM on some Linux systems. Make sure to talk to the Unix and/or security teams before disabling the SSH security feature “Privilege Separation”.

Limiting Maximum Number of Open File Descriptors for the Oracle User

After /proc/sys/fs/file-max has been changed, see Setting File Handles, there is still a per user limit of maximum open file descriptors:

$ su - oracle
$ ulimit -n
1024
$

To change this limit, edit the /etc/security/limits.conf file as root and make the following changes or add the following lines, respectively:

oracle           soft    nofile          4096
oracle           hard    nofile          63536

The “soft limit” in the first line defines the number of file handles or open files that the Oracle user will have after login. If the Oracle user gets error messages about running out of file handles, then the Oracle user can increase the number of file handles like in this example up to 63536 (“hard limit”) by executing the following command:


ulimit -n 63536

You can set the “soft” and “hard” limits higher if necessary.

NOTE:
I do not recommend to set the “hard” limit for nofile for the oracle user equal to /proc/sys/fs/file-max. If you do that and the user uses up all the file handles, then the entire system will run out of file handles. This could mean that you won’t be able to initiate new logins any more since the system won’t be able to open any PAM modules that are required for the login process. That’s why I set the hard limit to 63536 and not 65536.

That these limits work you also need to ensure that pam_limits is configured in the /etc/pam.d/system-auth file, or in /etc/pam.d/sshd for ssh, /etc/pam.d/su for su, or /etc/pam.d/login for local logins and telnet if you don’t want to enable it for all login methods. Here are the two session entries I have in my /etc/pam.d/system-auth

file:

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Now login to the oracle user account since the changes will become effective for new login sessions only. Note the ulimit options are different for other shells.

$ su - oracle
$ ulimit -n
4096
$

The default limit for oracle is now 4096 and the oracle user can increase the number of file handles up to 63536:

$ su - oracle
$ ulimit -n
4096
$ ulimit -n 63536
$ ulimit -n
63536
$

To make this change permanent, you could add “ulimit -n 63536” (for bash) to the ~oracle/.bash_profile file which is the user startup file for the bash shell on Red Hat Linux (to verify your shell execute echo $SHELL). To do this you could simply copy/paste the following commands for oracle’s bash shell:

su - oracle
cat >> ~oracle/.bash_profile << EOF
ulimit -n 63536
EOF

To make the above changes permanent, you could also set the soft limit equal to the hard limit in /etc/security/limits.conf which I prefer:

oracle           soft    nofile          63536
oracle           hard    nofile          63536

Limiting Maximum Number of Processes for the Oracle User

After reading the procedure at Limiting Maximum Number of Open File Descriptors for the Oracle User you should now have an understanding of “soft” and “hard” limits and how to change shell limits.

To see the current limit of the maximum number of processes for the oracle user, run:

$ su - oracle
$ ulimit -u

Note the ulimit options are different for other shells.

To change the “soft” and “hard” limits for the maximum number of processes for the oracle user, add the following lines to the /etc/security/limits.conf file:

oracle           soft    nproc          2047
oracle           hard    nproc          16384

To make this change permanent, you could add “ulimit -u 16384” (for bash) to the ~oracle/.bash_profile file which is the user startup file for the bash shell on Red Hat Linux (to verify your shell execute echo $SHELL). To do this you could simply copy/paste the following commands for oracle’s bash shell:

su - oracle
cat >> ~oracle/.bash_profile << EOF
ulimit -u 16384
EOF

To make the above changes permanent, you could also set the soft limit equal to the hard limit in /etc/security/limits.conf which I prefer:

oracle           soft    nproc          16384
oracle           hard    nproc          16384


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: