# /etc/security/limits.conf ?

## Guayasil

The primary group for all ordinary users of my server is 'users'. I've set two limits for fork bomb protection

@users         hard    nproc           128

@users         hard    maxlogins      16

With those setting my apache (which was extremely stable) every 1-2 days got out of resources and crashed. I removed those settings and now it's OK. Tried once again -- the same result. The problem is that apache is not a member of the 'users' group and I don't understand why those settings affect it. Can anyone explain it to me?

Best regards,

----------

## tgR10

duno why, but to fix this issue

edit apache init script so the startup section will look like this

 *Quote:*   

> start() {
> 
> 	checkconfig || return 1
> 
> 	[ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
> ...

 

----------

## Rexilion

 *tgR10 wrote:*   

> ulimit -u unlimited

 [/quote]

Isn't that another security problem?

----------

## Hu

How do you start your Apache server?  It is possible that it was started by a user who had been restricted, and therefore Apache inherited the restriction.

Rexilion: it could be, yes.  The full answer depends on whether or not the Apache in question could encounter a scenario that caused it to engage in a fork bomb.  I would probably set the process limit to a limited value, though higher than the one which is presently causing trouble.  Adjust it accordingly based on whether the new limit fixes the reported failure.

----------

## Guayasil

 *Hu wrote:*   

> How do you start your Apache server?  It is possible that it was started by a user who had been restricted, and therefore Apache inherited the restriction.
> 
> 

 

Just: 

```
rc-update add apache default
```

and

```
su -

/etc/init.d/apache restart
```

----------

## Hu

 *Guayasil wrote:*   

>  *Hu wrote:*   It is possible that it was started by a user who had been restricted, and therefore Apache inherited the restriction.
> 
>  
> 
> ```
> ...

 Exactly!  Let the init system start Apache on its own, patch the init script to relax the rlimit settings that your root shell imposed, or change your root profile settings to relax the rlimit settings as part of the root login process (via .bash_profile or .bashrc).

----------

