How to enable coredumps for daemon process (services) in RHEL

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 6
  • Red Hat Enterprise Linux (RHEL) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • Red Hat Enterprise Linux (RHEL) 9

Issue

  • How to enable coredumps for daemon process (services) in RHEL

Resolution

  • Core dumps are not generated by processes that are running setuid() to prevent sensitive information being leaked. This is a default behaviour on Linux systems. Daemon process running setuid() would not dump core. Please note that a process that executes set-use-ID ed program behaves as a process running setuid().

    • To enable core dumps for setuid() programs (for the running kernel, not persistent over reboots):
    #"suidsafe" (recommended) - protect privileged information by having the core dump be owned by and only readable for root:
# sysctl -w fs.suid_dumpable=2

#”debug" (may cause privileged information to be leaked):
# sysctl -w fs.suid_dumpable=1
    • For permanent settings (persistent over reboots), add the below in sysctl configuration in /etc/sysctl.conf.
    fs.suid_dumpable = 2
    • Reload in sysctl settings.
    # sysctl -p

  • Note that changes to ulimit [1] settings do not affect daemon processes which are already running, so you need to restart any daemons for which you want to enable core dumps. Alternatively, you can reboot the system to have the new settings take effect for all daemons.

Configurations for different RHEL versions :

  • Red Hat Enterprise Linux 5 :

    • Add the below sysctl parameters.
    kernel.core_pattern=/var/tmp/core
kernel.core_uses_pid=1
fs.suid_dumpable=2

    /var/tmp/core is an example in above configuration.

    # sysctl -p
    • Enable daemon corefile limit globally by editing the /etc/sysconfig/init file.
    # Added to enable coredumps for daemon processes
DAEMON_COREFILE_LIMIT='unlimited'
    • Make sure that below line is uncommented in /etc/init.d/functions
    corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"

  • Red Hat Enterprise Linux 6 :

    • Add the below sysctl parameters.
    fs.suid_dumpable=2

    # sysctl -p
    • Enable daemon corefile limit globally by editing the /etc/sysconfig/init file.
    # Added to enable coredumps for daemon processes
DAEMON_COREFILE_LIMIT='unlimited'
    • Make sure that below line is uncommented in /etc/init.d/functions
    corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"

  • Red Hat Enterprise Linux 7, 8, 9 :

    • In RHEL 7, 8, 9, the limit is set by systemd, add the following setting in /etc/systemd/system.conf and run systemctl daemon-reexec.
    DefaultLimitCORE=infinity
    • Now, add the below sysctl parameters.
    fs.suid_dumpable=2

    # sysctl -p

  • Red Hat Enterprise Linux 6, 7 and 8 has a service called ABRT [2], which automatically collects the core dump files on the server and stores them inside the /var/spool/abrt. The kernel.core_pattern values are managed by abrtd services.

Additional References :
[1] How to enable core file dumps when an application crashes or segmentation faults
[2] How to collect core dump file of a crashing program that is shipped in Red Hat Enterprise Linux 6/7/8?
[3] How to collect application coredump without abrtd service in RHEL7

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments