Chapter 11. Setting Shell Limits for the Oracle User
Most shells like Bash provide control over various resources like the maximum allowable number of open file descriptors or the maximum number of processes available to a user.
To see all shell limits, run:
For more information on
ulimitfor the Bash shell, see man bash and search for
On some Linux systems setting "hard" and "soft" limits in the following examples might not work properly when you log in as user oracle via SSH. It might work if you log in as root and
oracle. If you have this problem try to set
UsePrivilegeSeparationto "no" in
/etc/ssh/sshd_configand restart the SSH daemon by executing service
sshd restart. The privilege separation does not work properly with PAM on some Linux systems. Make sure to talk to the people in charge of security before disabling the SSH security feature "Privilege Separation".
11.1. Limiting Maximum Number of Open File Descriptors for the Oracle User
/proc/sys/fs/file-maxhas been changed, see Chapter 9, Setting File Handles, there is still a per user limit of maximum open file descriptors:
$ su - oracle $ ulimit -n 1024 $
To change this limit, edit the
/etc/security/limits.conffile as root and make the following changes or add the following lines, respectively:
oracle soft nofile 4096 oracle hard nofile 63536
The "soft limit" in the first line defines the number of file handles or open files that the Oracle user will have after they log in. If the Oracle user gets error messages about running out of file handles, then the Oracle user can increase the number of file handles like in this example up to 63536 ("hard limit") by executing the following command:
ulimit -n 63536
You can set the "soft" and "hard" limits higher if necessary.
It is not recommend to set the "hard" limit for nofile for the oracle user equal to
/proc/sys/fs/file-max. If you do that and the user uses up all the file handles, then the entire system will run out of file handles. This may prevent users logging in as the system cannot open any PAM modules that are required for the login process. That is why the hard limit should be set to 63536 and not 65536.
That these limits work you also need to ensure that
pam_limitsis configured in the
/etc/pam.d/system-authfile, or in
/etc/pam.d/loginfor local access and
telnetand disable telnet for all log in methods. Here are examples of the two session entries in the
session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so
Log in to the oracle user account since the changes will become effective for new login sessions only. Note the
ulimitoptions are different for other shells.
$ su - oracle $ ulimit -n 4096 $
The default limit for oracle is now 4096 and the oracle user can increase the number of file handles up to 63536:
$ su - oracle $ ulimit -n 4096 $ ulimit -n 63536 $ ulimit -n 63536 $
To make this change permanent, you could add "
ulimit -n 63536" ,for bash
bash, to the
~oracle/.bash_profilefile which is the user start up file for the
bashshell on Red Hat Enterprise Linux (to verify your shell execute
echo $SHELL). To do this you could simply copy and paste the following commands for oracle's
su - oracle cat >> ~oracle/.bash_profile << EOF ulimit -n 63536 EOF
To make the above changes permanent, you could also set the soft limit equal to the hard limit in
oracle soft nofile 63536 oracle hard nofile 63536