Adjusting resource limits

Norman Gray norman.gray at
Tue Feb 12 16:54:03 UTC 2019


I'm trying to work out how to manage resource limits for processes, and 
I'm clearly not understanding something.

I can apply a resource limit using rctl (after adding 
`kern.racct.enable=1` to /boot/loader.conf and rebooting), and use it to 
limit the number of open files with a command such as:

     # rctl -a user:ldap:openfiles:deny=1024

restricting user ldap to at most 1024 open files.  I can see the effect 
of that with

     # rctl

I can then restart my LDAP server (in this case), identify its PID, and 
query the limits on that process:

     # procstat -l 1130
      1130 slapd            openfiles             232299           

rather than the 1024 I expected to see.  What am I misunderstanding?

All I can think of is that the resource limits apply at the point when a 
process is created.  In this case, the process will be created by root 
and only later change owner to ldap -- does that mean that it's too late 
for any user:ldap limit to apply?  That wouldn't surprise me, but the 
text at 
doesn't make any mention of this.

If that is the case, what is the best way of imposing resource limits on 
a service such as this?  I can see how one could potentially do this by 
adjusting `command` in the appropriate rc.d script, to use `limits -n 
1024 command`, but that hardly seems the right thing to do.  Should I 
put such a service into a jail purely on the grounds that rctl could set 
limits for that?

I'd have expected to see some guidance on this in Chapter 11 of the 
manual ('Configuration and Tuning'), but can't.

Thanks for any pointers,


Norman Gray  :
SUPA School of Physics and Astronomy, University of Glasgow, UK

More information about the freebsd-questions mailing list