RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 830259 - /etc/security/limits.conf - only allowed to increase limits once (limit -u) even when set between original soft and hard values.
Summary: /etc/security/limits.conf - only allowed to increase limits once (limit -u) e...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam
Version: 6.2
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-08 16:46 UTC by Everett Bennett
Modified: 2012-06-12 16:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-11 06:33:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Everett Bennett 2012-06-08 16:46:05 UTC 
Description of problem:  Settings in /etc/security/limits.conf.

A non-root user cannot change the limit of say, nproc, more than once.
For example, if I have 'soft nproc 32768' and 'hard nproc 262144',
I can set the nproc to any number between 32768 and 262144 once per
login session.  However, once it is set, I cannot exceed the new
number even if is within the range of the original 'soft' and 'hard'
limits.  Also, note that '*' seems to no longer be accepted
in 'Domain' field.  The '*' worked on a RHEL 5.6 system.


Version-Release number of selected component (if applicable):

- RHEL 6.2 2.6.32-220.17.1.el6.x86_64
- RHEL 5.6 2.6.32-164  ( Note '*' works in this release. )


How reproducible:


Steps to Reproduce:
1.  Edit /etc/security/limits.conf, log into the system and attempt change limits using ulimit utility.

Actual results:

.  Edit /etc/security/limits.conf and insert lines as follows.

   *     	soft	nproc	65536
   *    	hard	nproc	262144
   login	soft	nproc	32768
   login 	hard	nproc	262144
2. Login as 'login'
3. ulimit -u 200000
4. ulimit -u 262144
5. ulimit -u 200001
6. ulimit -u 199999
7. ulimit -u 262145
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
8. ulimit -u 262144
9. ulimit -u 200000
10. ulimit -u 200001
11. ulimit -u 199999

Expected results:

.  Edit /etc/security/limits.conf and insert lines as follows.

   *     	soft	nproc	65536
   *    	hard	nproc	262144
   login	soft	nproc	32768
   login 	hard	nproc	262144
2. Login as 'login'
3. ulimit -u 200000
4. ulimit -u 262144
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
5. ulimit -u 200001
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
6. ulimit -u 199999
7. exit, log off, and log back in as 'login'
8. ulimit -u 262145
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
9. ulimit -u 262144
10. ulimit -u 200000
11. ulimit -u 200001
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
12. ulimit -u 199999

Additional info:

Apprently, similar issues have exist in other releases of Linux for some time now.  The disabling of the '*' in the Domain field may have been a more recent fix or bug, depending on how you look at it.
Comment 2 Tomas Mraz 2012-06-11 06:33:27 UTC 
There is /etc/security/limits.d/90-nproc.conf which overrides your nproc value. If you comment out the line in the file, everything will work as in RHEL-5.
Comment 3 Tomas Mraz 2012-06-11 06:39:34 UTC 
Comment #2 was about the "disabling" of the '*'. As for the ulimit semantics change - I am not sure where/if this changed however ulimit -u will set both hard and soft limits and hard limit cannot be raised only lowered. using ulimit -Su will change only the soft limit giving you the semantics you expect.
Comment 4 Everett Bennett, Jr. 2012-06-12 16:34:15 UTC 
Thanks for the info.  Apparently, one should re-read man pages on occasion.
My other objection was to document this issue as it appeared to be an issue in google search land.
Note You need to log in before you can comment on or make changes to this bug.