Scribd
Upload
10 views10 pages

Oracle Linux: Se Ing "No Les" For Oracle User During An Oracle Database Install Doe

This knowledge article addresses issues with setting ulimit values for the Oracle user during database installation on Oracle Linux 7. It provides a solution that involves modifying PAM configuration files to ensure the correct kernel parameters are loaded for the Oracle user. The article includes detailed instructions on the necessary changes to various configuration files to resolve the issue.

Uploaded by

achref
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views10 pages

Oracle Linux: Se Ing "No Les" For Oracle User During An Oracle Database Install Doe

This knowledge article addresses issues with setting ulimit values for the Oracle user during database installation on Oracle Linux 7. It provides a solution that involves modifying PAM configuration files to ensure the correct kernel parameters are loaded for the Oracle user. The article includes detailed instructions on the necessary changes to various configuration files to resolve the issue.

Uploaded by

achref
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

My Oracle Cloud Support Account (15) 

Oracle Linux: Se�ing


Applies To
"no�les" for Oracle
User During an Oracle All Users Oracle Cloud Infrastructure - Version N/A and later

Database Install doe…


Summary
KB113265

Last Updated
While trying to setup Database on Oracle Linux 7, the no�le, nproc
stack and memlock value for oracle user the ulimit output is displayed
Aug 21, 2024
with incorrect information.
Service
Oracle Cloud Infrastructure
Environment:

Be the �rst to rate this 1- Local User Oracle (Only).


article
2- LDAP user (All other users).

3- New value for kernel parameter are set on /etc/security/


limits.d/99-oracle-rdbms-server-12cR1-preinstall.conf

4- Other Kernel Parameter are set on /etc/sysctl.conf

Solution

According to the nss-pam-ldapd man page:


MODULE SERVICES PROVIDED

1 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

"All services are provided by this module but currently sessions changes are
not implemented in the nslcd daemon"

On /etc/pam.d/system-auth-ac and su, it was found "session


su�cient pam_ldap.so" as the �rst line.

The �x is to modify system-auth-ac and su on session section:

[root@<HOSTNAME> pam.d]# cat system-auth-ac


#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig
is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_access.so


account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore]
pam_ldap.so
account required pam_permit.so

password requisite pam_pwquality.so try_first_pass


local_users_only retry =3 authtok_type=
password sufficient pam_unix.so sha1412 shadow
try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

##session sufficient pam_ldap.so <==================


Comment this line and create a new one at the end of this
section session optional pam_keyinit.so revoke
session required pam_limits.so debug
-session optional pam_systemd.so

2 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

session [success=1 default=ignore] pam_succeed_if.so


service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so <=================== New line
must looks like this.

[root@<HOSTNAME> pam.d]# cat su


#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
# Uncomment the following line to implicitly trust users
in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in
the "wheel" group.
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_ldap.so
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
#session sufficient pam_ldap.so <==================
Comment this line and create a new one at the end of this
section
session include system-auth
session include postlogin
session optional pam_xauth.so
session optional pam_ldap.so <=================== New line
must looks like this.

Now after we login as user oracle we can see it is loading the new
kernel parameter that were de�ned at /etc/security/limits.d/99-
oracle-rdbms-server-12cR1-preinstall.conf:

[root@<HOSTNAME> ~]# su - oracle


Last login: Wed Nov 16 09:18:36 CST 2016 on pts/0

[oracle@<HOSTNAME> ~]$ ulimit -Sa

3 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

core file size (blocks, -c) 0


data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7707
max locked memory (kbytes, -l) 134217728
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 16384
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
[oracle@<HOSTNAME> ~]$

[oracle@<HOSTNAME> ~]$ ulimit -Ha


core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7707
max locked memory (kbytes, -l) 134217728
max memory size (kbytes, -m) unlimited
open files (-n) 65536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 32768
cpu time (seconds, -t) unlimited
max user processes (-u) 16384
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
[oracle@OL7XFS ~]$

[root@<HOSTNAME> pam.d]# tail -f /var/log/secure


Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
reading settings from '/etc/security/limits.conf'
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing soft memlock 45298483 for

4 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

DEFAULT
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing hard memlock 45298483 for
DEFAULT
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
reading settings from '/etc/security/limits.d/20-
nproc.conf'
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
reading settings from '/etc/security/limits.d/99-oracle-
rdbms-server-12cR1-preinstall.conf' <========= Working now
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing soft nofile 1024 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing hard nofile 65536 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing soft nproc 16384 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing hard nproc 16384 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing soft stack 10240 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing hard stack 32768 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing hard memlock 134217728 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_limits(su-l:session):
process_limit: processing soft memlock 134217728 for USER
Nov 21 10:22:11 <HOSTNAME> su: pam_unix(su-l:session):
session opened for user oracle by root(uid=0)
Nov 21 10:22:11 <HOSTNAME> su: pam_ldap(su-l:session):
nslcd session open; user=oracle
Nov 21 10:22:11 <HOSTNAME> su: pam_ldap(su-l:session):
session open succeeded; session_id=<ID>

Cause
No changes.

We can see the current con�guration of PAM �les system-auth-ac, su


and the new kernel parameter for oracle user on /etc/security/
limits.d

5 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

Directories:
/etc/pam.d/
/etc/security/limits.d

Files:
system-auth-ac
su
99-oracle-rdbms-server-12cR1-preinstall.conf

Current Con�guration:
Kernel parameter values for oracle user

[root@<HOSTNAME> pam.d]# cat /etc/security/limits.d/99-


oracle-rdbms-server-12cR1-preinstall.conf
# oracle-rdbms-server-12cR1-preinstall setting for nofile
soft limit is 1024
oracle soft nofile 1024

# oracle-rdbms-server-12cR1-preinstall setting for nofile


hard limit is 65536
oracle hard nofile 65536

# oracle-rdbms-server-12cR1-preinstall setting for nproc


soft limit is 16384
# refer orabug15971421 for more info.
oracle soft nproc 16384

oracle2 soft nproc 16384

# oracle-rdbms-server-12cR1-preinstall setting for nproc


hard limit is 16384
oracle hard nproc 16384

oracle2 hard nproc 16384

# oracle-rdbms-server-12cR1-preinstall setting for stack


soft limit is 10240KB
oracle soft stack 10240

# oracle-rdbms-server-12cR1-preinstall setting for stack

6 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

hard limit is 32768KB


oracle hard stack 32768

# oracle-rdbms-server-12cR1-preinstall setting for memlock


hard limit is maximum of {128GB (x86_64) / 3GB (x86) or 90
% of RAM}
oracle hard memlock 134217728

# oracle-rdbms-server-12cR1-preinstall setting for memlock


soft limit is maximum of {128GB (x86_64) / 3GB (x86) or
90% of RAM}
oracle soft memlock 134217728
[root@<HOSTNAME> pam.d]#

$cat system-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig
is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet_success
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_access.so


account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore]
pam_ldap.so
account required pam_permit.so

password requisite pam_pwquality.so try_first_pass


local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow
try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session sufficient pam_ldap.so


session optional pam_keyinit.so revoke

7 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

session required pam_limits.so debug


-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so
service in crond quiet use_uid
session required pam_unix.so

# cat su
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
# Uncomment the following line to implicitly trust users
in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in
the "wheel" group.
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_ldap.so
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth session sufficient
pam_ldap.so
session include system-auth
session include postlogin
session optional pam_xauth.so

When we login to the server as user Oracle, the �le should be reading
and load the new kernel parameter for Oracle user.

On the following output we can see the oracle user is not loading the
kernel parameter like max user process (value 7707)

[root@<HOSTNAME> pam.d]# su - oracle


[oracle@<HOSTNAME> ~]$

[oracle@<HOSTNAME> ~]$ ulimit -Sa


core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited

8 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

scheduling priority (-e) 0


file size (blocks, -f) unlimited
pending signals (-i) 7707
max locked memory (kbytes, -l) 45298483
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 7707
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
[oracle@<HOSTNAME> ~]$

[oracle@<HOSTNAME> ~]$ ulimit -Ha


core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7707
max locked memory (kbytes, -l) 45298483
max memory size (kbytes, -m) unlimited
open files (-n) 4096
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 7707
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
[oracle@<HOSTNAME> ~]$

If you have debug mode enable on pam_limits.so and pam_ldap.so


you will see the following log :

[root@<HOSTNAME> pam.d]# tail -f /var/log/secure


Nov 21 10:02:26 <HOSTNAME> sshd[5854]: Accepted password
for root from <IP> port <NUM> ssh2
Nov 21 10:02:27 <HOSTNAME> sshd[5854]:

9 sur 10 2/18/2025, 1:30 PM


Knowledge Article https://support.oracle.com/ic/builder/rt/customer_portal/live/webApps/customer-portal/?ancho...

pam_unix(sshd:session): session opened for user root by


(uid=0)
Nov 21 10:04:28 <HOSTNAME> su: pam_ldap(su-l:session):
nslcd session open; user=oracle
Nov 21 10:04:28 <HOSTNAME> su: pam_ldap(su-l:session):
session open succeeded; session_id=<ID>
Nov 21 10:04:42 <HOSTNAME> su: pam_ldap(su-l:session):
nslcd session close; user=oracle

Article Feedback

Rate this

© 2025 Oracle Terms of Use Privacy

10 sur 10 2/18/2025, 1:30 PM

You might also like