I have the following script:
我有以下脚本:
cat > /tmp/script.sh <<EndOfScript
#!/bin/sh
ulimit -n 8192
run_app
EndOfScript
which runs smoothly locally, it is always ok. But if I try to run it remotely through ssh:
在本地运行顺利,总是好的。但是如果我尝试通过ssh远程运行它:
scp /tmp/script.sh user@host:/tmp/script.sh
ssh user@host "chmod 755 /tmp/script.sh; /tmp/script.sh"
I got the error:
我收到了错误:
ulimit: open files: cannot modify limit: Operation not permitted
I also tried the following command:
我也尝试了以下命令:
ssh user@host "ulimit -n 8192"
same error.
It looks like that ssh remote command execution is enforcing a 1024 hard limit on nofile limit, but I can not find out how to modify this default value. I tried to modify /etc/security/limits.conf and restart sshd, still the same error.
看起来ssh远程命令执行对nofile限制强制执行1024次硬限制,但我无法找到如何修改此默认值。我试图修改/etc/security/limits.conf并重启sshd,仍然是同样的错误。
4 个解决方案
#1
11
Instead of using the workaround of /etc/initscript (and do not make a typo in that file.. :), if you just want sshd to honor the settings you made in /etc/security/limits.conf, you should make sure you have UsePAM yes in /etc/ssh/sshd_config, and /etc/pam.d/sshd lists session required pam_limits.so (or otherwise includes another file that does so).
而不是使用/ etc / initscript的解决方法(并且不要在该文件中输入错误.. :),如果您只是希望sshd遵守您在/etc/security/limits.conf中所做的设置,那么您应该确保你在/ etc / ssh / sshd_config中有UsePAM是,而/etc/pam.d/sshd列出了所需的会话pam_limits.so(或者包含另一个这样做的文件)。
That should be all there is to it.
应该就是它的全部内容。
In older versions od openssh (<3.6 something) there was also a problem with UsePrivilegeSeparation that prevented limits being honored, but it was fixed in newer versions.
在较旧的版本od openssh(<3.6 something)中,UsePrivilegeSeparation也存在一个问题,它阻止了限制,但它在较新版本中得到修复。
#2
3
Fiannly figured out the answer: add the following to /etc/initscript
Fiannly想出了答案:将以下内容添加到/ etc / initscript中
ulimit -c unlimited
ulimit -HSn 65535
# Execute the program.
eval exec "$4"
#3
2
ulimit requires superuser privileges to run.
ulimit需要超级用户权限才能运行。
I would suggest you to ask the server administrator to modify that value for you on the server you are trying to run the script on.
我建议您让服务器管理员在您尝试运行脚本的服务器上为您修改该值。
He/She can do that by modifying /etc/secutiry/limits.conf on Linux. Here is an example that might help:
他/她可以通过修改Linux上的/etc/secutiry/limits.conf来做到这一点。这是一个可能有用的示例:
* soft nofile 8192
* hard nofile 8192
After that, you don't need to restart sshd. Just logout and login again.
之后,您无需重新启动sshd。只需注销并再次登录。
I would suggest you to ask the same question in ServerFault though. You'll get better server-side related answers there.
我建议你在ServerFault中问同样的问题。你会得到更好的服务器端相关答案。
#4
0
Check the start up scripts (/etc/profile, ~/.??*) for a call to ulimit. IIRC, once a limit has been imposed, it can't be widened anymore.
检查启动脚本(/ etc / profile,〜/。??*)以获取对ulimit的调用。 IIRC,一旦实施限制,就不能再扩大。
#1
11
Instead of using the workaround of /etc/initscript (and do not make a typo in that file.. :), if you just want sshd to honor the settings you made in /etc/security/limits.conf, you should make sure you have UsePAM yes in /etc/ssh/sshd_config, and /etc/pam.d/sshd lists session required pam_limits.so (or otherwise includes another file that does so).
而不是使用/ etc / initscript的解决方法(并且不要在该文件中输入错误.. :),如果您只是希望sshd遵守您在/etc/security/limits.conf中所做的设置,那么您应该确保你在/ etc / ssh / sshd_config中有UsePAM是,而/etc/pam.d/sshd列出了所需的会话pam_limits.so(或者包含另一个这样做的文件)。
That should be all there is to it.
应该就是它的全部内容。
In older versions od openssh (<3.6 something) there was also a problem with UsePrivilegeSeparation that prevented limits being honored, but it was fixed in newer versions.
在较旧的版本od openssh(<3.6 something)中,UsePrivilegeSeparation也存在一个问题,它阻止了限制,但它在较新版本中得到修复。
#2
3
Fiannly figured out the answer: add the following to /etc/initscript
Fiannly想出了答案:将以下内容添加到/ etc / initscript中
ulimit -c unlimited
ulimit -HSn 65535
# Execute the program.
eval exec "$4"
#3
2
ulimit requires superuser privileges to run.
ulimit需要超级用户权限才能运行。
I would suggest you to ask the server administrator to modify that value for you on the server you are trying to run the script on.
我建议您让服务器管理员在您尝试运行脚本的服务器上为您修改该值。
He/She can do that by modifying /etc/secutiry/limits.conf on Linux. Here is an example that might help:
他/她可以通过修改Linux上的/etc/secutiry/limits.conf来做到这一点。这是一个可能有用的示例:
* soft nofile 8192
* hard nofile 8192
After that, you don't need to restart sshd. Just logout and login again.
之后,您无需重新启动sshd。只需注销并再次登录。
I would suggest you to ask the same question in ServerFault though. You'll get better server-side related answers there.
我建议你在ServerFault中问同样的问题。你会得到更好的服务器端相关答案。
#4
0
Check the start up scripts (/etc/profile, ~/.??*) for a call to ulimit. IIRC, once a limit has been imposed, it can't be widened anymore.
检查启动脚本(/ etc / profile,〜/。??*)以获取对ulimit的调用。 IIRC,一旦实施限制,就不能再扩大。