Ubuntu Servers :: Is It Safe To Raise The Open Files Limit
Mar 7, 2011
Running an nginx webserver on Ubuntu 10.04 lts In the process of trying to optimize the mysql, various tuning scripts keep telling me to raise the table cache. But they also say the table cache should stay below 1/3 of the open files limit. I can raise that in mysql, but I guess you're not supposed to raise it above the OS's open files max. So I'd like to raise it (found what appear to be solid instructions here: [URL] But... Post by Kees here says it's not safe to raise it [URL] at least, not safe under certain conditions. But I'm not clear on what the conditions are. is it safe or not? If I knew how to just raise it for mysql, I'd do that. But as you can probably see, I'm pretty new to all this. Don't want to wreck my server. (my current limit is the default 1024... wd like to go to 204
This is happening on Ubuntu 9.10 serverI'm trying to increase the number of open files allowed for a user. This is for an nginx webserver where the current limit of 1024 is not enough.According to the posts I've found so far, I should be able to put lines into /etc/security/limits.conf like this;
if i wanna to compile the unrealircd ircd server with max 150 users what i have to do i remember is on limits.conf the open filesbut i am comfusing the soft and hardmust have the same number !? or different?the second is if i wanna this shell when the user download the pack and he going to make compile to allow him to have only the option to compile in leaf mode and not hubso
I really need to open Firefox in Safe Mode as I have installed foxyproxy and it's gone wrong! and it won't let firefox open, so i need to open it in safe mode, how would i go about doing that?
I have got him to use ubuntu 10 which he loves but he is skeptical about the software in ubuntu software centre.How can I appease his concerns?Presumably all open source software in the download centre is safe?
I was searching around and I stumbled upon a Linux Kernelix Sockets Local Denial of Service exploit.I downloaded the exploit, compiled it ran it to check if I am vulnerable.As I was expecting, the exploit instantly "killed" my Maverick system and I had to use the power button to reset my computer...Is there any way to limit the numberof allowed open sockets?I don't think that this can be done using /etc/security/limits.conf in a similar way of preventing the fork bombs
I have a problem with open file limit. The software I'm installing claims "Open file limit (ulimit -H -n) too low (1014), need at least 6311" but when I check the linit I get the following
Code: # uname -a Linux server 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux
Last weekend i have increased the open file size (ulimit -n) for the application user id i have update the limits.conf file with necessary inputs restarted the service and the server as well, when i check the ulimit value for the specific user by switching user from other user it shows the new value (10240) but if i login directly using the application id the ulimit value shows as 1024 which one is the default one.
In Lucid I have some ufw rules but I figured that I need to limit the ICMP messages that the box responds to and also limit their number. There are iptables rules to accomplish this but since I already have ufw rules it is safe to use iptables only for ICMP rules ?
I have a server with 48 cores, 8 6-way Opteron CPU's. Ubuntu Server 9.04 only sees 32 processors. Is there a limit on the number of cores/processors that the server will use? Windows 2008 on the same server sees all 48 cores and the so does the BIOS, so this is unique to Ubuntu right now.
I really don't understand what's happening.I make a 3.5tb RAID array in Disk Utility, yet it makes it so that one partition is 3tb and the other is 500 gigs free!Why is that? Ext4 can do huge partition sizes I thought.
I need to first point out that I am a complete n00b when it comes to Ubuntu Server, and I managed to install Ubuntu Server 10.04.1 (on a screen-less Acer Aspire 5100 laptop) with Apache2, MySQL, OpenSSH, & PHP5. I currently have this server (hosting my website) behind a linksys router with only port 22, and 80 forwarded to its ip address. Now my question is: Would it be safe to configure a print server on the same machine in order to print from the 3 other computers on my router to one printer, or are there security risks involved (like what I have heard with LAMP servers and Samba on the same machine)? I am also wondering if it is safe the way I configured port 80 & 22? It has extremely long passwords, and I also went through the secure installation of one of the programs setting a root password too... But can somebody please help me with my server? I am very surprised I have gone this far in my first 2 weeks of my Web Scripting class too!
Is there a way to limit the speed that apache will send a page to a specific computer in my LAN? I would like to be able to test what my pages would be like if they loaded at 25KB/s for example. My Server is 192.168.0.2 and the other 'browser' computer is 192.168.0.4.
The website creates a RPG character through a traditional Wizard. It calls itself with a hidden variable being the page number and tests which page and returns the page data with the page incremented.
Each page should be treated as a seperate page and so would be unique. I am echoing the contents of POST to the top of the page and so I can see variables being returned. When I get data from an Ajax query from page three it saves the data (23 post fields of no more than 25 characters for each field). Page four does the same but with less fields - but it is NOT returning the data - only four fields being those that were originally posted.
I cut/paste the function from section three to section four and changed the displayed text and the names of variables to test so there are no code errors, since page three works and is saved to a database.
So the only option is that there is a PHP or Apache2 issue when POST variables are returned? I am completely out of ideas as to why this would even be an issue or how it could possibly appear.
Is the number of variables an issue? This page is less than the previous page.... And the form is POSTed...
PS: I am getting NOTICE errors from PHP being the POSTed variables that are not displayed/returned... I used:
error_reporting (E_ALL ^ E_NOTICE);
to stop these form being reported but do I need to test each one? PPS: Using If Isset($_POST['xxx']) does NOT allow that variable through...
PS: I have the default Ubuntu 10.04 Apache2 with all the ubuntu 10.04 updates...
I have a number of servers I manage, and one of them is archiving old data that is never modified on a separate partition. This partition is at 100% capacity. A friend of mine says this is an unsafe way to keep this partition, even tho I don't plan to add any more data to it or change anything within. I know I can archive the data to dvd, but I'd like to keep the data online for my users.
What are your opinions on this? Can I keep this archive partition at 100% capacity? Or do I risk some sort of data corruption? Should I mount this partition as read-only to help prevent any corruption?
I successfully configured a VPN using IPSec(Openswan) and xl2ptd. While roughly following this guide (among countless others): [URL]
The VPN-Connection works fine, connecting to it is also a swirl, I can reach all that I want in the network, and also the gateway to the Internet works - everything being routed through that VPN.
Now my problem is actually the next steps, and I didn't succeed finding the right result on any possible search:
a) I want to limit, that the VPN-Connection is only used for distinct connections to hosts, that aren't in a "company subnet", but the IP's are publicly available. (Example: The Target-IP 8.8.8.8 allows per iptables, that only my VPN-Host 1.2.3.4 accesses it via SSH, and thus I only can access that Target-IP via SSH when I'm on the VPN). When actually browsing to the ubuntu-website, I want, that NOT the VPN-Connection is used but rather my normal connection (as a reference: i'm on a Windows-Client - not my choice, btw.)
b) I want to have several such "limitations" grouped, and give users 'access-rights' to certain hosts (Examples: Admin gets access to all on all ports Testers get access to some machines on distinct ports CEO gets access only to the mailserver via POP3 or IMAP
using kubuntu 9.04 on AMD 64,working with ISPconfig panel.I have postfix configured and have no problem getting mails with small attachments, but when they pass certain size I don't get them.Where can I configure this?
I'm thinking about some ways to limit access to my web-server. It runs Nginx and php in FCGI. The server contains a large amount of information. The data is freely available and no authentication is required but other companies might like to mirror it and use on their own servers.
The requests could be limited on different levels: IP, TCP, HTTP (by nginx) or by the php application. I found some solutions (like Nginx's limit_req_zone directive), but they do not solve the second part of the problem: there's no way to define a whitelist of clients who are allowed to use the data.
I thought about an intellectual firewall that would limit the requests on IP basis, but I'm yet to find such device. Another way was to hack some scripts that would parse the log file every minute and modify the iptables to ban suspicious IPs. It would take days and I doubt this system will survive, say, 1000 requests per second.
Perhaps, some HTTP proxy, like Squid, could do this?
I have a command line server that logs to stdout, which I start along the lines of ./server > log.txt
What I want to do is limit the size of log.txt, without modifying the server.
I am assuming there must be some kind of tool already that lets me do this, something like where I can pass in my server, the output file and a size limit? If so, can anyone enlighten me?
I am using ssh server to connect to my Ubuntu desktop. I opened the file sshd_config and change my port number of the server.I want to put a limit on the number of clients in the ssh server.
I'm running nginx for static files and as a proxy server for a comet IM server on ubuntu Jaunty. On high load I'm hitting a limit of 1024 file descriptors. I've tried increasing this limit but still can't pass 1024. Does "more /proc/sys/fs/file-nr" gives me the global count of used file descriptors? Why do I see a maximum of 1024 open file descriptors in /proc/sys/fs/file-nr if this is the global count for the machine and each user should have at least 1024 allowed file descriptors by default? Is there a way to increase the limit while the server is running?
Some relevant info on my server: sudo more /proc/sys/fs/file-nr 1024038001 sudo sysctl fs.file-max fs.file-max = 38001 sudo nano /etc/security/limits.conf ... * hard nofile 30000 * soft nofile 30000
I also added this to /usr/local/nginx/conf/nginx.conf: worker_rlimit_nofile 10240; Uncommented the following line in /etc/pam.d/su: session required pam_limits.so
How to limit emails sent outside my domain or from a user in my domain with postfix to a valid user? i.e., bob can't send email as jane both from my domain and neither can send email to bob@hotmail.com as someone other then themselves. Using postfix with dovecot authentication through mysql.
I'm running Fedora 15, and am trying to run a program that uses gsoap/soapcpp2 2.7.17 to communicate with different parts of the program. As far as I know everything has compiled correctly and I am using the same versions of the required libraries as several working installations. However, every single time the program tries to open a port, the program is unable to do so. This happens no matter what port I specify.
if there is anything in fedora that would limit or disable the ability of the program to open a port to start communicating. I have tried disabling the firewall with no change to the behaviour.
Long story short, my Windows had a fatal crash the other day and since I couldn't find the installation disk, I burned the Ubuntu 9.10 disk image to a CD at a friend's place and installed it on one partition of the hard drive. The other partition contained tons of Windows programs and documents in an NTFS system. Ubuntu is cool and all, but when I finally found the Windows disk, I wanted to reinstall it for dual-booting, to use some programs that don't run well in Wine.
To keep some documents safe and not waste any CDs, I moved them over to the Ubuntu partition before installing Windows. As experienced ubuntuists know, the slightly clumsy Windows installer erases GRUB in the process, and it's recommended to install Windows first. So, now I ended up with a working Windows partition and an Ubuntu partition with all of the stored data, which I can access via guest status with the burned CD.
Here's the catch though - as a guest and without Linux properly installed I can't move anything I moved to the Linux partition from the Windows partition back anymore. All the folders have a little X on their top corner. I'd be glad to reinstall Ubuntu now, but I must know how to keep all that tranferred data safe. Can I keep it there during the reinstallation? Should I install Wubi on Windows and access the stuff through it?
My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):
- BitDefender Rescue CD (removed infections, now detects nothing), - Kaspersky Rescue CD 10 (removed infections, now detects nothing), - Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).
Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.
So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.
Question: I want to rescue the files I need. My idea was:
1) Install Xubuntu with dual boot. 2) Copy over files from Windows XP partition using Xubuntu. 3) Back up files to an external drive using Xubuntu. 4) Reinstall XP Pro and format hard drive. 5) Reinstall Xubuntu with dual boot. 6) Use Xubuntu for daily use. 7) Only use XP for those tasks that require it (TomTom updates ...)
Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?
Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.
I have an Ubuntu server running in our small office. Among its many duties is report generation. It uses PHP and DOMPDF (a PHP library for converting HTML/CSS to PDFs for printing). PHP's default memory limit of 32MB is not even close to being enough to pull large amounts of data from the database and generate images/tables/PDFs with that data.
I increased the memory limit to 64MB and that is adequate for reports under 3 pages or so (varies based on table complexity, images, etc). If any user tries to generate a report longer than that, PHP just throws a "out of memory" error and doesn't make the report.
My question is: what are the possible consequences of increasing the memory limit yet again to 128MB or maybe even higher? The server isn't terribly powerful. It has 2GB RAM and 4GB swap space. I know that isn't much but this is a small office and at most I can only see two or three people trying to run reports at the same time. As for security, apache is currently only serving pages in the local network, but sometime within the next year I'll probably have it hosting a public website (currently using a hosting service). Is a high memory limit a potential security risk when exposed to the internet?
EDIT: Sorry, PHP's default memory limit is 16 not 32 as I said. Question still stands, however
