Subject: pam limits.conf cannot change stack size for shell Date: 2020-12-04 To: redhat-list@redhat.com We have a few new VMs running Red Hat Enterprise Linux release 8.3. After installing OS and creating user oracle, oracle logs in and has these resource limits for the shell: [oracle@myhost ~]$ ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 257480 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 257480 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited Then we add the following lines to /etc/security/limits.conf (recommended by Oracle): # Oracle RAC required user limits oracle soft nproc 65536 oracle hard nproc 131072 oracle soft nofile 8192 oracle hard nofile 65536 oracle soft stack 10240 oracle soft memlock 64000000 oracle hard memlock 64000000 and this line to /etc/pam.d/login: session required pam_limits.so oracle logs in again and sees these limits (my notes are after the arrows): [oracle@myhost ~]$ ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 257480 max locked memory (kbytes, -l) 64000000 <-- was 64 max memory size (kbytes, -m) unlimited open files (-n) 8192 <-- was 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 <-- remains as 8192 cpu time (seconds, -t) unlimited max user processes (-u) 65536 <-- was 257480 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited Everything meets Oracle's requirement except for stack size. We checked everything we can think of including files in ~oracle (hidden or not) but can't find out why stack size doesn't change per pam limits.conf. Running (as root) find /etc -type f -exec grep stack {} /dev/null \; doesn't reveal anything about setting stack except for the line in /etc/security/limits.conf. (Note: /etc/security/limits.d is empty.) Since some settings in limits.conf do take effect, pam must be working (/etc/ssh/sshd_config has UsePAM set to yes). For now, we add "ulimit -s 10240" to /etc/profile as a workaround and it works fine. But would like to find out why only "oracle soft stack 10240" in limits.conf is ignored.