OCM_Session7_5_修改/etc/security/limits.conf和 /etc/pam.d/login和/etc/profile

最新推荐文章于 2022-12-01 14:06:38 发布

Riveore

最新推荐文章于 2022-12-01 14:06:38 发布

阅读量4.7k

点赞数

分类专栏： OCM experiment

本文链接：https://blog.csdn.net/rlhua/article/details/21860005

版权

OCM experiment 专栏收录该内容

42 篇文章 0 订阅

订阅专栏

五、修改/etc/security/limits.conf和 /etc/pam.d/login和/etc/profile

这个在OCM环境已经配置好。

参考官方文档： http://docs.oracle.com/cd/B19306_01/install.102/b14203/prelinux.htm

To increase the shell limits:

Add the following lines to the /etc/security/limits.conf file:

oracle              soft    nproc   2047

oracle               hard    nproc   16384

oracle               soft    nofile 1024

oracle               hard    nofile 65536
Add or edit the following line in the /etc/pam.d/login file, if it does not already exist:

session required /lib/security/pam_limits.so
Depending on the oracle user's default shell, make the following changes to the default shell startup file:
- For the Bourne, Bash, or Korn shell, add the following lines to the /etc/profile file (or the file on SUSE systems)/etc/profile.local:
  
  if [ $USER = "oracle" ]; then
  
          if [ $SHELL = "/bin/ksh" ]; then
  
                ulimit -p 16384
  
                ulimit -n 65536
  
          else
  
                ulimit -u 16384 -n 65536
  
          fi
  
  fi
- For the C shell (csh or tcsh), add the following lines to the /etc/csh.login file (or the file on SUSE systems)/etc/csh.login.local:
  
  if ( $USER == "oracle" ) then
  
  limit maxproc 16384
  
  limit descriptors 65536
  
  endif
Repeat this procedure on all other nodes in the cluster.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

我的修改如下：

rac1节点

[root@rac1 ~]# cp /etc/security/limits.conf /etc/security/limits.conf.bak

[root@rac1 ~]# vi /etc/security/limits.conf

# /etc/security/limits.conf

#Each line describes a limit for a user in the form:

#<domain> <type> <item> <value>

#Where:

#<domain> can be:

# - an user name

# - a group name, with @group syntax

# - the wildcard *, for default entry

# - the wildcard %, can be also used with %group syntax,

# for maxlogin limit

#<type> can have the two values:

# - "soft" for enforcing the soft limits

# - "hard" for enforcing hard limits

#<item> can be one of the following:

# - core - limits the core file size (KB)

# - data - max data size (KB)

# - fsize - maximum filesize (KB)

# - memlock - max locked-in-memory address space (KB)

# - nofile - max number of open files

# - rss - max resident set size (KB)

# - stack - max stack size (KB)

# - cpu - max CPU time (MIN)

# - nproc - max number of processes

# - as - address space limit

# - maxlogins - max number of logins for this user

# - maxsyslogins - max number of logins on the system

# - priority - the priority to run user process with

# - locks - max number of file locks the user can hold

# - sigpending - max number of pending signals

# - msgqueue - max memory used by POSIX message queues (bytes)

# - nice - max nice priority allowed to raise to

# - rtprio - max realtime priority

#<domain> <type> <item> <value>

#* soft core 0

#* hard rss 10000

#@student hard nproc 20

#@faculty soft nproc 20

#@faculty hard nproc 50

#ftp hard nproc 0

#@student - maxlogins 4

oracle soft nproc 2047

oracle hard nproc 16384

oracle soft nofile 1024

oracle hard nofile 65536

"/etc/security/limits.conf" 58L, 1975C written

[root@rac1 ~]# cp /etc/pam.d/login /etc/pam.d/login.bak

[root@rac1 ~]# vi /etc/pam.d/login

#%PAM-1.0

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

auth include system-auth

account required pam_nologin.so

account include system-auth

password include system-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session optional pam_keyinit.so force revoke

session required pam_loginuid.so

session include system-auth

session optional pam_console.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open

session required /lib/security/pam_limits.so

"/etc/pam.d/login" 15L, 695C written

[root@rac1 ~]#

[root@rac1 ~]# cp /etc/profile /etc/profile.bak

[root@rac1 ~]# vi /etc/profile

# /etc/profile

# System wide environment and startup programs, for login setup

# Functions and aliases go in /etc/bashrc

pathmunge () {

if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then

if [ "$2" = "after" ] ; then

PATH=$PATH:$1

else

PATH=$1:$PATH

}

# ksh workaround

if [ -z "$EUID" -a -x /usr/bin/id ]; then

EUID=`id -u`

UID=`id -ru`

# Path manipulation

if [ "$EUID" = "0" ]; then

pathmunge /sbin

pathmunge /usr/sbin

pathmunge /usr/local/sbin

# No core files by default

ulimit -S -c 0 > /dev/null 2>&1

if [ -x /usr/bin/id ]; then

USER="`id -un`"

LOGNAME=$USER

MAIL="/var/spool/mail/$USER"

HOSTNAME=`/bin/hostname`

HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then

INPUTRC=/etc/inputrc

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do

if [ -r "$i" ]; then

if [ "$PS1" ]; then

. $i

else

. $i >/dev/null 2>&1

done

unset i

unset pathmunge

if [ $USER = "oracle" ]; then

if [ $SHELL = "/bin/ksh" ]; then

ulimit -p 16384

ulimit -n 65536

else

ulimit -u 16384 -n 65536

"/etc/profile" 74L, 1234C written

[root@rac1 ~]

---------------------------------------------------------------------------------------------------------------------

rac2节点：

[root@rac2 ~]# cp /etc/security/limits.conf /etc/security/limits.conf.bak

[root@rac2 ~]# vi /etc/security/limits.conf

# /etc/security/limits.conf

#Each line describes a limit for a user in the form:

#<domain> <type> <item> <value>

#Where:

#<domain> can be:

# - an user name

# - a group name, with @group syntax

# - the wildcard *, for default entry

# - the wildcard %, can be also used with %group syntax,

# for maxlogin limit

#<type> can have the two values:

# - "soft" for enforcing the soft limits

# - "hard" for enforcing hard limits

#<item> can be one of the following:

# - core - limits the core file size (KB)

# - data - max data size (KB)

# - fsize - maximum filesize (KB)

# - memlock - max locked-in-memory address space (KB)

# - nofile - max number of open files

# - rss - max resident set size (KB)

# - stack - max stack size (KB)

# - cpu - max CPU time (MIN)

# - nproc - max number of processes

# - as - address space limit

# - maxlogins - max number of logins for this user

# - maxsyslogins - max number of logins on the system

# - priority - the priority to run user process with

# - locks - max number of file locks the user can hold

# - sigpending - max number of pending signals

# - msgqueue - max memory used by POSIX message queues (bytes)

# - nice - max nice priority allowed to raise to

# - rtprio - max realtime priority

#<domain> <type> <item> <value>

#* soft core 0

#* hard rss 10000

#@student hard nproc 20

#@faculty soft nproc 20

#@faculty hard nproc 50

#ftp hard nproc 0

#@student - maxlogins 4

oracle soft nproc 2047

oracle hard nproc 16384

oracle soft nofile 1024

oracle hard nofile 65536

"/etc/security/limits.conf" 58L, 1975C written

[root@rac2 ~]# cp /etc/pam.d/login /etc/pam.d/login.bak

[root@rac2 ~]# vi /etc/pam.d/login

#%PAM-1.0

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

auth include system-auth

account required pam_nologin.so

account include system-auth

password include system-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session optional pam_keyinit.so force revoke

session required pam_loginuid.so

session include system-auth

session optional pam_console.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open

session required /lib/security/pam_limits.so

"/etc/pam.d/login" 15L, 695C written

[root@rac2 ~]#

[root@rac2 ~]# cp /etc/profile /etc/profile.bak

[root@rac2 ~]# vi /etc/profile

# /etc/profile

# System wide environment and startup programs, for login setup

# Functions and aliases go in /etc/bashrc

pathmunge () {

if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then

if [ "$2" = "after" ] ; then

PATH=$PATH:$1

else

PATH=$1:$PATH

}

# ksh workaround

if [ -z "$EUID" -a -x /usr/bin/id ]; then

EUID=`id -u`

UID=`id -ru`

# Path manipulation

if [ "$EUID" = "0" ]; then

pathmunge /sbin

pathmunge /usr/sbin

pathmunge /usr/local/sbin

# No core files by default

ulimit -S -c 0 > /dev/null 2>&1

if [ -x /usr/bin/id ]; then

USER="`id -un`"

LOGNAME=$USER

MAIL="/var/spool/mail/$USER"

HOSTNAME=`/bin/hostname`

HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then

INPUTRC=/etc/inputrc

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do

if [ -r "$i" ]; then

if [ "$PS1" ]; then

. $i

else

. $i >/dev/null 2>&1

done

unset i

unset pathmunge

if [ $USER = "oracle" ]; then

if [ $SHELL = "/bin/ksh" ]; then

ulimit -p 16384

ulimit -n 65536

else

ulimit -u 16384 -n 65536

"/etc/profile" 74L, 1234C written

[root@rac2 ~]#

----------------------------------------------------------------------------------------------------------------------------------------------

Riveore

关注

0
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
OCM_Session7_5_修改/etc/security/limits.conf和 /etc/pam.d/login和/etc/profile

五、修改/etc/security/limits.conf和 /etc/pam.d/login和/etc/profile 这个在OCM环境已经配置好。参考官方文档：http://docs.oracle.com/cd/B19306_01/install.102/b14203/prelinux.htmTo increase the shell limits:
复制链接

扫一扫