Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] how to set ulimit for dovecot service
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
doublehelix
n00b
n00b


Joined: 06 Apr 2019
Posts: 5

PostPosted: Sat Apr 06, 2019 11:04 am    Post subject: [Solved] how to set ulimit for dovecot service Reply with quote

How do I set the ulimit for the service dovecot? Not for the whole system, just for dovecot.

Just for reference, this is required because I want to have
Code:
client_limit=5000
in dovecot's auth configuration.
Dovecot justifiably moans about the low ulimit:
Quote:
warning: fd limit (ulimit -n) is lower than required under max. load (1024 < 5000), because of service auth { client_limit }


Last edited by doublehelix on Sun Apr 07, 2019 9:16 pm; edited 1 time in total
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18084

PostPosted: Sat Apr 06, 2019 4:46 pm    Post subject: Reply with quote

I'd probably create a file for devecot in /etc/security/limits.d/ (man limits.conf for details). Something like "dovecot hard nofile 5000".
_________________
Those who know what's best for us must rise and save us from ourselves.
Back to top
View user's profile Send private message
doublehelix
n00b
n00b


Joined: 06 Apr 2019
Posts: 5

PostPosted: Sun Apr 07, 2019 2:22 pm    Post subject: Reply with quote

This seems like the correct solution. Unfortunately I can't get it to work. I still get the same warning on restarting dovecot.
I tried:

Code:

dovecot         soft    nofile      5000
dovecot         hard    nofile      5000

And since some of dovecot's processes run as root (and some as dovecot) I also added
Code:

root         soft    nofile      5000
root         hard    nofile      5000

And when that didn't work I tried (just for testing):
Code:

*         soft    nofile      5000
*         hard    nofile      5000

However there's still the same warning on service restart:
Code:

warning: fd limit (ulimit -n) is lower than required under max. load (1024 < 5000), because of service auth { client_limit }

It seems these settings are somehow not applied.
I've tried these in the self-created /etc/security/limits.d/dovecot and also in the existing /etc/security/limits.conf.
Back to top
View user's profile Send private message
mike155
Veteran
Veteran


Joined: 17 Sep 2010
Posts: 1530
Location: Frankfurt, Germany

PostPosted: Sun Apr 07, 2019 3:14 pm    Post subject: Reply with quote

1) Do you use OpenRC? Or Systemd?

2) How do you start dovecot? From a 'root' login? Or during boot process?

Please note that /etc/security/limits.conf is provided by PAM. If PAM is not involved in the dovecot startup process, settings in /limits.conf won't be used...

For example, if you use OpenRC and start dovecot during the boot process, settings in limits.conf won't be used, because there's no login. And if you log in as root and start dovecot manually, changes in limits.conf will only be used after you logged out and logged in again...

So yes, there's a lot of confusion about limits.conf. It doesn't work the way people think it should work.
Back to top
View user's profile Send private message
doublehelix
n00b
n00b


Joined: 06 Apr 2019
Posts: 5

PostPosted: Sun Apr 07, 2019 9:15 pm    Post subject: Reply with quote

I use OpenRC and start dovecot during boot (and manually after an upgrade) via
Code:
/etc/init.d/dovecot start


So yeah, that explains the problem!
I found the OpenRC way to do it and it works! :D
Create /etc/conf.d/dovecot with this content:
Code:
rc_ulimit="-n 5000"
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum