Resource limits

Linux systems employ limiting or quota mechanisms to provide quality of service for system resources and contain rogue processes.

These limits are layered at the system-level and user-level. If these limits need to be modified, it is useful to understand the different limit configurations.

System-wide limits

Some global resource limits are implemented in the Linux kernel and are controllable with kernel parameters.

For example, a global limit for the maximum number of open files is set with the fs.file-max parameter. This limit applies to all processes and users an cannot be exceeded other limit values.

Checking limit

You can check a current value with sysctl -n <PARAMETER>. For example:

sysctl -n fs.file-max

This fs.file-max value is set intentionally high on Clear Linux OS systems by default. You can check the maximum value supported by the system with:

cat /proc/sys/fs/file-max

Overriding limit

You can override a value with sysctl -w <PARAMETER>. For example:

sudo sysctl -w fs.file-max=<NUMBER>

If needed permanently, the value can be set by creating a /etc/sysctl.d/*.conf file (see man sysctl.d for details). For example:

sudo mkdir -p /etc/sysctl.d/

sudo tee /etc/sysctl.d/fs-file-max.conf  > /dev/null <<'EOF'
fs.file-max=<NUMBER>
EOF

Per-user limits

For processes not managed by systemd, resource limits can be set for PAM logins on a per-user basis with upper and lower limits in the /etc/security/limits.conf file.

You can set temporary values and check the current values with the ulimit command. For example, to change the soft limit of maximum number of open file descriptors for the current user:

ulimit -S -n <NUMBER>

See man limits.conf for details.

Service limits

Resource limits for services started with systemd units do not follow normal user limits because the process is started in a seperate Linux control group (cgroup) Linux cgroups associate related process groups and provide resource accounting.

Resource limits for individual systemd services can be controlled inside their unit files or its configuration drop-in directory with the resource Limit directives. See process properties section of the systemd.exec man page.

Resource limits for all systemd services can be controlled with a file in the /etc/systemd/system.conf.d/ directory. For example, to have no restriction on the number of open files:

sudo mkdir -p /etc/systemd/system.conf.d/

sudo tee /etc/systemd/system.conf.d/50-nfiles.conf  > /dev/null <<'EOF'
[Manager]
DefaultLimitNOFILE=infinity
EOF