what are the ideal/best/recommended ulimit settings for a root user in AIX?
I understand that it depends on our environment. But I would like to know...what are settings you guys use in your environment for best performance.
Its always better to have unlimited for root, as its the boss.
Moreover, when you do operations as root, you need those values at higher range.
Example: To transfer huge file(s), you need files (blocks) at very high value or better unlimited, because it will stop the transfer after it reach the defined value.
So, keep the boss smiling and you will be happy too.
@ibmtech
thanks for your reply. I understand that unlimited needed for fsize parameter for transferring huge files. but i have doubt regarding the other parameter values like below
As suggested by others why would you want to set limits for root? If you limit root you risk locking yourself out of the OS. Any applications running should run as a user created for the task, you can then apply limits to that user to protect the servers performance without risking blocking the root user.
Just today we had an application spin out of control and hit the limit of processes for the user account which had started the application. This meant that application support could not login to the server, but as root I was able to login and kill the rogue process.
The limits are there to protect you. For a superuser account and indeed any other account, you have to ask yourself how much damage it could do by not having a limit.
I don't think that performance will come into it much unless your processing goes wild and an unlimited (or loosely limited) account starts grabbing all the system resources. This need not be a superuser either. We're had other software holding accounts grind a server to unusable. It's hard trying to escape even if you are already logged on as a superuser. Things like ps start failing and the like.
As a rule, I'd generally allow the least that I actually require.
If there was any such thing as ideal limits, the system would be locked into using the ideal limits and there would be no adjustment you could make. That said, a couple of issues do come to mind...
I do not like nproc to be unlimited. If someone does a while(1) fork(); I would like to be able to recover without a reboot.
We are required to justify every instance of core being any value other than 0. This is a security concern. A core file can contain information that should not be exposed. And assuming that the address space is also unlimited core files can consume lots of disk space. When a filesystem runs out of space one of the first things that admins look for are core files. Settings core to zero prevents the problem. Developers often need core files... so be it. But our default state is no core files and then we enable core files where we must.
You should leave the root/superuser account settings as the developers of the operating system intended unless you have very specific requirements that require you to change them.
You should not be running anything as the root user so its configuration shouldn't matter; it is the administration account. Always create a specific accounts to use for any applications you wish to run and set the limits for those users.