Ulimit and Inittab - Security


Thread: Ulimit and Inittab

  1. Ulimit and Inittab

    Hi,

    I'm starting a transparent proxy via the /etc/inittab like this

    myproxy:23:respawn:/usr/local/bin/simpleproxy -L SOURCE -R DESTINATION

    and run into the file limit of 1024 simultaneous network connections.

    To increase the limit, I ran ulimit, but that did not help. I guess
    because its scope is limited to the current shell.

    Then I increased the file limits by editing /etc/security/limits.conf
    to look like this
    root soft nofile 2024
    root hard nofile 2024

    However, I still run into the same problem. Now I was wondering,
    whether or not the limits defined in /etc/security/limits.conf also
    apply to processes started via the inittab?

    Fritz


  2. Re: Ulimit and Inittab

    fritz-bayer@web.de wrote:

    > Hi,
    >
    > I'm starting a transparent proxy via the /etc/inittab like this
    >
    > myproxy:23:respawn:/usr/local/bin/simpleproxy -L SOURCE -R DESTINATION
    >
    > and run into the file limit of 1024 simultaneous network connections.
    >


    ....

    Did you run into the limit at start up, without usage, or when you
    started getting connections or you had otherwise initiated connections?
    I'm not familiar with the proxy you're running, but it doesn't seem
    like a very good design to either be suggested to be put in inittab or
    especially if it doesn't properly multiplex/thread where you are maxing
    out that many connections. I suppose it depends on the design of it,
    but I'm curious when you hit the limit?
    --
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
    and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
    Industry's most experienced staff! -- Web Hosting With Muscle!

  3. Re: Ulimit and Inittab

    fritz-bayer@web.de wrote:

    > Hi,
    >
    > I'm starting a transparent proxy via the /etc/inittab like this
    >
    > myproxy:23:respawn:/usr/local/bin/simpleproxy -L SOURCE -R DESTINATION
    >
    > and run into the file limit of 1024 simultaneous network connections.
    >



    ....

    Did you run into the limit at start up, without usage, or when you
    started getting connections or you had otherwise initiated connections?
    I'm not familiar with the proxy you're running, but it doesn't seem
    like a very good design to either be suggested to be put in inittab or
    especially if it doesn't properly multiplex/thread where you are maxing
    out that many connections. I suppose it depends on the design of it,
    but I'm curious when you hit the limit?
    --
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
    and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
    Industry's most experienced staff! -- Web Hosting With Muscle!

  4. Re: Ulimit and Inittab

    On 26 Sep., 20:33, Tim Greer wrote:
    > fritz-ba...@web.de wrote:
    > > Hi,

    >
    > > I'm starting a transparent proxy via the /etc/inittab like this

    >
    > > myproxy:23:respawn:/usr/local/bin/simpleproxy -L SOURCE -R DESTINATION

    >
    > > and run into the file limit of 1024 simultaneous network connections.

    >
    > ...
    >
    > Did you run into the limit at start up, without usage, or when you
    > started getting connections or you had otherwise initiated connections?
    > I'm not familiar with the proxy you're running, but it doesn't seem
    > like a very good design to either be suggested to be put in inittab or
    > especially if it doesn't properly multiplex/thread where you are maxing
    > out that many connections. I suppose it depends on the design of it,
    > but I'm curious when you hit the limit?
    > --
    > Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    > Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
    > and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
    > Industry's most experienced staff! -- Web Hosting With Muscle!


    I got the error not at startup but after a long time running. The
    reason is that the proxy is connecting to some old webserver, which
    does not close the connections fast enough. So after a certain time
    there are 1024 open and when the proxy tries to get number 1025 I run
    into this exception.

    However, my original question is: Do limits which I define for root in
    limits.conf also count for "non logins" like processes started via
    inittab?

    Fritz

  5. Re: Ulimit and Inittab

    On 27 Sep, 08:04, "fritz-ba...@web.de" wrote:
    > On 26 Sep., 20:33, Tim Greer wrote:
    >
    >
    >
    > > fritz-ba...@web.de wrote:
    > > > Hi,

    >
    > > > I'm starting a transparent proxy via the /etc/inittab like this

    >
    > > > myproxy:23:respawn:/usr/local/bin/simpleproxy -L SOURCE -R DESTINATION

    >
    > > > and run into the file limit of 1024 simultaneous network connections.

    >
    > > ...

    >
    > > Did you run into the limit at start up, without usage, or when you
    > > started getting connections or you had otherwise initiated connections?
    > > I'm not familiar with the proxy you're running, but it doesn't seem
    > > like a very good design to either be suggested to be put in inittab or
    > > especially if it doesn't properly multiplex/thread where you are maxing
    > > out that many connections. I suppose it depends on the design of it,
    > > but I'm curious when you hit the limit?
    > > --
    > > Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    > > Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
    > > and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
    > > Industry's most experienced staff! -- Web Hosting With Muscle!

    >
    > I got the error not at startup but after a long time running. The
    > reason is that the proxy is connecting to some old webserver, which
    > does not close the connections fast enough. So after a certain time
    > there are 1024 open and when the proxy tries to get number 1025 I run
    > into this exception.
    >
    > However, my original question is: Do limits which I define for root in
    > limits.conf also count for "non logins" like processes started via
    > inittab?
    >
    > Fritz


    The limits.conf setting is bounded by the settings in the kernel -
    what does
    cat /proc/sys/fs/file-max

    say?
    (AIR this is writable to change)

    Also, check the number of file handles:
    cat /proc/sys/fs/file-nr
    (first number is the handles open and in use, last number is max)

    C.
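
Added example (not part of the thread or any poster's code): /etc/security/limits.conf is read by pam_limits, so it only reaches processes started through a PAM session. To see which limit an inittab-spawned process actually runs with, read /proc/<pid>/limits and compare it with the process's open descriptor count and the file-nr values mentioned above. The function names and the sample data are made up for this illustration.

```sh
#!/bin/sh
# Added example: inspect the descriptor limit a running process really has.
# The parsers read a file given as argument, or stdin when none is given.

# Soft / hard "Max open files" from /proc/<pid>/limits-format input.
nofile_soft() { awk '/^Max open files/ { print $4 }' "$@"; }
nofile_hard() { awk '/^Max open files/ { print $5 }' "$@"; }

# Allocated handles (first field) and system-wide maximum (last field)
# from /proc/sys/fs/file-nr-format input, as described in the thread.
filenr_used() { awk '{ print $1 }' "$@"; }
filenr_max()  { awk '{ print $NF }' "$@"; }

# nofile_status OPEN SOFT: "full" at the soft limit, "warn" from 80%, else "ok".
nofile_status() {
    if [ "$2" = "unlimited" ]; then echo ok; return; fi
    if [ "$1" -ge "$2" ]; then echo full
    elif [ $(( $1 * 100 / $2 )) -ge 80 ]; then echo warn
    else echo ok
    fi
}

# Constructed sample in /proc/<pid>/limits format, for trying the parsers offline:
#   sample_limits | nofile_soft
sample_limits() {
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max cpu time              unlimited            unlimited            seconds' \
        'Max open files            1024                 1024                 files'
}

# report PID: live check against the real /proc entries (Linux only).
report() {
    pid=$1
    soft=$(nofile_soft "/proc/$pid/limits")
    hard=$(nofile_hard "/proc/$pid/limits")
    open=$(ls "/proc/$pid/fd" | wc -l)
    echo "pid=$pid open=$open soft=$soft hard=$hard status=$(nofile_status "$open" "$soft")"
    echo "system: used=$(filenr_used /proc/sys/fs/file-nr) max=$(filenr_max /proc/sys/fs/file-nr)"
}

# Usage (process name taken from the thread): report "$(pidof simpleproxy)"
```

If the soft limit still reads 1024 for the proxy, the limits.conf change did not reach it; the limit then has to be raised in the command init runs, for example a wrapper script that calls ulimit -n before exec'ing the proxy.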
