[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] too many files open?
- Subject: RE: [cobalt-security] too many files open?
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Thu, 4 Apr 2002 09:10:05 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Matt Nuzum wrote:
<snip>
> Apr 2 15:45:03 www proftpd[16706]: Unable to open password file
> /etc/passwd for reading: Too many open files in system
<snip>
> Apr 1 04:43:56 www kernel: VM: do_try_to_free_pages failed for
> lcdstop...
<snip>
> Any suggestions or comments? On a scale of 1-10, where 1 is "no
> problem-o," and 10 is "It's gonna blow!", where am I?
Depending on your point of view, 1 or 10 :)
It isn't - necessarily - a security problem, it simply means (in combination
with the VM errors) that you're asking your RaQ to do Too Much.
You can tune your RaQ by familiarising yourself with the various sysctls in
/proc/, the most pertinent ones right here being:
/proc/sys/fs/file-max
/proc/sys/fs/file-nr
The first one shows the open file limit, the second the actual state:
/proc/sys/fs/file-max: 4096
/proc/sys/fs/file-nr: 1631 889 4096
So the limit on this (arbitrarily chosen non-Cobalt machine) is 4096 files
open. Right now it has 889, and has peaked at 1631.
To increase it, do:
echo "8192" > /proc/sys/fs/file-max
__BUT__ be very careful - if you already have VM problems I would not
recommend doing so, since more open files almost always equates to greater
RAM consumption. YMMV, of course.
It's worth looking to see what has all those files open in the first place -
you may often find it's badly-written CGI scripts, for example, which lie
around and never quit. Of course, if you have a heavily-loaded server with a
banner exchange scheme on it, that might affect it to. Guess who's seen that
one a few times? ;-)
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC