Understanding and Troubleshooting ulimit Issues Across SysVinit, Systemd, and PAM

The author, a seasoned NetEase game operations engineer with over ten years of experience, introduces the frequent ulimit-related issues encountered in both SysVinit and Systemd eras, as well as in containerized environments, and aims to help readers avoid these pitfalls.

SysVinit ulimit handling : In the SysVinit era, special configuration is required to set limits for child processes of PID 1. The article shows the configuration file used and explains that it affects the limits of forked subprocesses such as sshd , not PID 1 itself, and that a reboot is needed for the changes to take effect.

Systemd ulimit handling : With the adoption of Systemd, limits are defined in /etc/systemd/system.conf . Unlike SysVinit, this configuration directly influences PID 1’s limits, which can be verified via /proc/1/limits . A reboot is also required.

Common pitfalls :

Many applications rely on PAM configuration ( /etc/security/limits.conf ) which can override the limits set in SysVinit or Systemd.

In Debian, the wildcard * in limits.conf does not match the root user, leading to unexpected limits when services are restarted from a console session.

The article provides the corrected limits.conf example and a tip to always consult official documentation.

Systemd bug with DefaultLimitNOFILE=infinity : On Debian 8, setting this value resulted in a maximum open file limit of 65536 instead of the expected 1,048,576 due to a known Systemd bug (see commit 6385cb31). The fix is to set an explicit numeric limit or upgrade Systemd.

Container-specific issues : Different PAM versions handle default limits differently. Debian 8 containers inherit the host’s soft nofile limit, while Debian 9 containers use the compile‑time FD_SETSIZE (default 1024). Packaging a proper limits.conf in the container image resolves the issue.

Troubleshooting checklist : Identify the source of a process’s initial limits (parent process or PAM) and prioritize checking PAM configurations.

Common questions :

How to verify if an application uses PAM? Check files under /etc/pam.d/ .

How to determine whether the system uses SysVinit or Systemd? Inspect /sbin/init .

How to modify a running process’s limits without restarting? Use the prlimit command, as demonstrated with sshd examples.

Conclusion : While ulimit problems manifest in various ways, understanding the underlying mechanisms—parent process inheritance and PAM precedence—allows operators to resolve them efficiently.