File descriptor limits

Hello!

I have 2 boxes, both with OpenSUSE on board. On #1 I’ve changed setting in “Yast/Security and Users/Security Center and Hardening/Predefined Security Configurations” from default “Custom Settings” to “Network Server”. On #2 it is still untouched from it’s default state. Now if I do


sudo sh -c 'sudo -u wwwrun bash'
uname -Sn
uname -Hn

I’ll get on #1:

8192
unlimited

and on #2:

1024
4096

Obviously there is nor .profile nor .bashrc for wwwrun user, and /etc/security/limits.conf is all commented out. So where are these differences come from?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Poking around a little I found references that are probably relevant in
/etc/sysconfig/sysctl and /etc/sysconfig/apache2. If added in the
latter I’m assuming the commands will get run somehow during the startup
of Apache httpd since the startup begins with the ‘root’ user who is
able to make these types of changes. See the /etc/init.d/apache2 script
for more.

On a systemd-based system I’m not sure how much this applies unless
systemd is still calling the init script for fun.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPmUS5AAoJEF+XTK08PnB58kgP/irALAeDD4tEr84WymAfeKiP
9ZfWaKchDSSC3sbTJ+K6Xkvu9gVUevdEU7Z01W1mxLoawziJ4vs8nkREnoBVBEmI
C68Qu4K2B5ifjxC9BED5xqUyTWnYXVYpa7M7BguFXWCAcxE2cXWC6YOshc9JqpzY
uJoErVDEzOL6wnKfRr+nadhIY8tNX6tV8JUL7vnPYGb1dOCQ5xrp6SGiH2OdGzF1
lkkHAuGJCbZ3xO1t/VvJ8PIWzya7DRzXPBj/+bkhHzjXrYgTktVvh3LDeSSNGdUc
fIhK/EgB3CH99h3V9lncT+0AgZB9lt37kiZYDALSssY5lTc204p1ogRQuqpLlfzD
pyiMNSQQlkYdKPNq++SyLu2EMjPlkG9UO3Qti+8Xpx+Nc35FyDp8UFqKowwie1Gj
MHzjKc5LlUrssYwOOIf98xYgzXHeawn9FiwsnJ0gNOMlMG0Nea3IWuhqkDVGUbLp
OvTuKO/ivBTUaqrfwrkP2gi1+93YWV6H+IHoSvs66aye/LQSJ2uBCrnw+uZ5z7+R
UY4Z7W9UaKGVkY4BfXCKaoc2y7sbjQPbRXcAAfN+tTWMQI11cLPJzsHG8g2BxHvF
+quMLlDyIGXQDY/fmmV/26T1p5XdrftzumzlOa7ZwJ5kM9juBa97MAPzSkPrcD+P
GFz7PIzuv6zHC98it2ke
=DuDb
-----END PGP SIGNATURE-----

I see nothing about fd limits in /etc/sysconfig/sysctl. And /etc/sysconfig/apache2 is identical, on both machines there is only note in comments about ulimit:


# Note about ulimits:
#   if you want to set ulimits, e.g. to increase the max number of open file handle, 
#   or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
#   simply write the ulimit commands into that file.
#   Example:
#     ulimit -n 16384
#     ulimit -H -n 16384
#     ulimit -c unlimited
#   See the output of "help ulimit" in the bash, or "man 1 ulimit".

/etc/init.d/apache2 has only very same note mentioning ulimit, so it’s still unclear where to look further.

bumping thread