Chapter 11. Setting Shell Limits for the Oracle User

Most shells like Bash provide control over various resources like the maximum allowable number of open file descriptors or the maximum number of processes available to a user.
To see all shell limits, run:
ulimit -a
For more information on ulimit for the Bash shell, see man bash and search for ulimit.

Note

On some Linux systems setting "hard" and "soft" limits in the following examples might not work properly when you log in as user oracle via SSH. It might work if you log in as root and su to oracle. If you have this problem try to set UsePrivilegeSeparation to "no" in /etc/ssh/sshd_config and restart the SSH daemon by executing service sshd restart. The privilege separation does not work properly with PAM on some Linux systems. Make sure to talk to the people in charge of security before disabling the SSH security feature "Privilege Separation".

11.1. Limiting Maximum Number of Open File Descriptors for the Oracle User

After /proc/sys/fs/file-max has been changed, see Chapter 9, Setting File Handles, there is still a per user limit of maximum open file descriptors:
$ su - oracle
$ ulimit -n
1024
$
To change this limit, edit the /etc/security/limits.conf file as root and make the following changes or add the following lines, respectively:
oracle           soft    nofile          4096
oracle           hard    nofile          63536
The "soft limit" in the first line defines the number of file handles or open files that the Oracle user will have after they log in. If the Oracle user gets error messages about running out of file handles, then the Oracle user can increase the number of file handles like in this example up to 63536 ("hard limit") by executing the following command:
ulimit -n 63536
You can set the "soft" and "hard" limits higher if necessary.

Note

It is not recommend to set the "hard" limit for nofile for the oracle user equal to /proc/sys/fs/file-max. If you do that and the user uses up all the file handles, then the entire system will run out of file handles. This may prevent users logging in as the system cannot open any PAM modules that are required for the login process. That is why the hard limit should be set to 63536 and not 65536.
That these limits work you also need to ensure that pam_limits is configured in the /etc/pam.d/system-auth file, or in /etc/pam.d/sshd for ssh, /etc/pam.d/su for su, or /etc/pam.d/login for local access and telnet and disable telnet for all log in methods. Here are examples of the two session entries in the /etc/pam.d/system-auth file:
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
Log in to the oracle user account since the changes will become effective for new login sessions only. Note the ulimit options are different for other shells.
$ su - oracle
$ ulimit -n
4096
$
The default limit for oracle is now 4096 and the oracle user can increase the number of file handles up to 63536:
$ su - oracle
$ ulimit -n
4096
$ ulimit -n 63536
$ ulimit -n
63536
$
To make this change permanent, you could add "ulimit -n 63536" ,for bashbash, to the ~oracle/.bash_profile file which is the user start up file for the bash shell on Red Hat Enterprise Linux (to verify your shell execute echo $SHELL). To do this you could simply copy and paste the following commands for oracle's bash shell:
su - oracle
cat >> ~oracle/.bash_profile << EOF
ulimit -n 63536
EOF
To make the above changes permanent, you could also set the soft limit equal to the hard limit in /etc/security/limits.conf:
oracle           soft    nofile          63536
oracle           hard    nofile          63536