Subject: pam limits.conf cannot change stack size for shell
Date: 2020-12-04
To: redhat-list@redhat.com
We have a few new VMs running Red Hat Enterprise Linux release 8.3. After installing OS and creating user oracle, oracle logs in and has these resource limits for the shell:

[oracle@myhost ~]$ ulimit -a
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 257480
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 257480
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Then we add the following lines to /etc/security/limits.conf (recommended by Oracle):

# Oracle RAC required user limits
oracle soft nproc   65536
oracle hard nproc   131072
oracle soft nofile  8192
oracle hard nofile  65536
oracle soft stack   10240
oracle soft memlock 64000000
oracle hard memlock 64000000

and this line to /etc/pam.d/login:
session    required     pam_limits.so

oracle logs in again and sees these limits (my notes are after the arrows):

[oracle@myhost ~]$ ulimit -a
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 257480
max locked memory       (kbytes, -l) 64000000  <-- was 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 8192 <-- was 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192 <-- remains as 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 65536 <-- was 257480
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Everything meets Oracle's requirement except for stack size. We checked everything we can think of including files in ~oracle (hidden or not) but can't find out why stack size doesn't change per pam limits.conf. Running (as root)
find /etc -type f -exec grep stack {} /dev/null \;
doesn't reveal anything about setting stack except for the line in /etc/security/limits.conf. (Note: /etc/security/limits.d is empty.) Since some settings in limits.conf do take effect, pam must be working (/etc/ssh/sshd_config has UsePAM set to yes). For now, we add "ulimit -s 10240" to /etc/profile as a workaround and it works fine. But would like to find out why only "oracle soft stack 10240" in limits.conf is ignored.