# maximum number of open files for apache - limits.conf

## [dmnd]

Hello,

I would like to raise the maximum number of open files for apache through the limits.conf file.

However there are two limits files in gentoo, which one should i need to use?

/etc/limits or /etc/security/limits.conf ?

man limits claims it has to be /etc/limits

Should i raise the maximum number of files for the user root or apache ?

This because when apache is started it is running as root the first time and forks to user apache.

I guess i should raise it for the user apache.

The kernel i am using also runs with grsec and i see in my dmesg, that the grsec process kills apache processes:

```
grsec: more alerts, logging disabled for 10 seconds

grsec: From 213.148.234.171: signal 11 sent to (apache2:1028) UID(0) EUID(0), parent (apache2:27330) UID(0) EUID(0)

grsec: From 213.148.234.171: signal 11 sent to (apache2:1028) UID(0) EUID(0), parent (apache2:27330) UID(0) EUID(0)

grsec: From 213.148.234.171: signal 11 sent to (apache2:25238) UID(0) EUID(0), parent (apache2:27330) UID(0) EUID(0)

grsec: From 213.148.234.171: signal 11 sent to (apache2:25238) UID(0) EUID(0), parent (apache2:27330) UID(0) EUID(0)

grsec: From 213.148.234.171: signal 11 sent to (apache2:7178) UID(0) EUID(0), parent (apache2:27330) UID(0) EUID(0)

```

ulimit -n output:

```
web0(root) /etc/security # ulimit -n

1024

web0(root) /etc/security #

```

Should i recompile my kernel?

Is grsec using its own open files limit or ... ?

Regards,

Wouter

----------

## evilben

In my experience, the /etc/security/limits.conf file is the one that affects things (I guess /etc/limits might too, but /etc/security/limits.conf is the one I use). After changes, I have to restart to see an effect. And, as far as I know, root isn't affected by these limits, so you should just have to change it for the apache user.

I don't use grsec, though. Not sure what it might be doing. If you're already using the default /etc/security/limits.conf, I don't think it actually sets any limits, so altering it might not be the way out, but it's worth a try.

----------

## [dmnd]

Hmmm, not much information so far, anyway for the archives:

I have figured out what was wrong in the mean time: 

/etc/pam.d/sshd needs the following line added:

```
session    required     /lib/security/pam_limits.so
```

And /etc/pam.d/login:

```
session    required     /lib/security/pam_limits.so
```

If you then relogin the new limits are set (`ulimit -n`), /etc/security/limits.conf now contains the following lines:

```
*       soft    nofile  4096

*       hard    nofile  4096
```

Apache2 is running happy now..

Wouter

----------

## yottabit

Have done as shown in previous posts, and the open file limit works for user sessions, but still not reflected for apache.  :Sad: 

To verify, I put this into a php file:

```
<pre><?php print system('ulimit -a'); ?></pre>
```

And the output is this:

```
core file size          (blocks, -c) 0

data seg size           (kbytes, -d) unlimited

file size               (blocks, -f) unlimited

pending signals                 (-i) 40960

max locked memory       (kbytes, -l) 32

max memory size         (kbytes, -m) unlimited

open files                      (-n) 1024

pipe size            (512 bytes, -p) 8

POSIX message queues     (bytes, -q) 819200

stack size              (kbytes, -s) 8192

cpu time               (seconds, -t) unlimited

max user processes              (-u) 40960

virtual memory          (kbytes, -v) unlimited

file locks                      (-x) unlimited

file locks                      (-x) unlimited
```

Can anyone please give me a pointer on what I'm doing wrong?

Cheers

----------

## qriff

https://forums.gentoo.org/viewtopic-p-5294642.html#5294642

----------

