stryder Posted October 27, 2005 Share Posted October 27, 2005 OS X has a very small maximum limit of the number of processes you can run. How did I discover this? Well, our webserver was suddenly denying connections, even though the maximum limit was set to 500, and we weren't getting 500 concurrent connections! If you don't raise the limits, and you reach them, you're locked out of even shutting down or restarting! Here's how to raise them: in /etc/sysctl.conf: kern.maxproc=2048 kern.maxprocperuid=512 -- in /etc/rc: # # #################################################################### # # ADDED TO PREVENT SYSTEM LOCKUP # # #################################################################### # sysctl -w kern.maxproc=2048 sysctl -w kern.maxprocperuid=512 -- in /etc/rc.common: ####################### # Configure the shell # ####################### # #################################################################### # # ADDED TO CANCEL OUT THE LIMIT OF THE NUMBER OF PROCESSES # # #################################################################### ulimit -u 512 # ####################### The above additions will allow more processes to run (512 per user id, maximum of 2048 total). See Mac OS X client has a relatively conservative setting of 512 for kern.maxproc, while Mac OS X Server sets this to 2048. So I upped this as well and things seem to be going more smoothly on our servers. Link to comment Share on other sites More sharing options...
humasect Posted October 27, 2005 Share Posted October 27, 2005 Hey that's cool. Thanks for the info. BSD and Apache can be joyous Link to comment Share on other sites More sharing options...
Daisuke Posted November 10, 2005 Share Posted November 10, 2005 Never EVER run sysctl -w kern.maxproc=0 or ulimit -u 0 It does NOT set it to unlimited. Link to comment Share on other sites More sharing options...
stryder Posted November 11, 2005 Author Share Posted November 11, 2005 Never EVER run sysctl -w kern.maxproc=0or ulimit -u 0 It does NOT set it to unlimited. No, it will set it to 0, which means you can't do ANYTHING! If you want unlimited, set everything to like 32767. Link to comment Share on other sites More sharing options...
freedomlinux Posted June 20, 2008 Share Posted June 20, 2008 No, it will set it to 0, which means you can't do ANYTHING! If you want unlimited, set everything to like 32767. Hah! Ah, the miracle of *BSD - you get EXACTLY what you ask for. If 0 doesn't make unlimited processes, would -1 ? Link to comment Share on other sites More sharing options...
jklmpqo Posted November 6, 2008 Share Posted November 6, 2008 but wut happens if you divide by zero Link to comment Share on other sites More sharing options...
PainWarlock Posted November 24, 2008 Share Posted November 24, 2008 No, it will set it to 0, which means you can't do ANYTHING! If you want unlimited, set everything to like 32767. hmmm i have an idea for a virus now lol Link to comment Share on other sites More sharing options...
Ranguvar Posted August 7, 2009 Share Posted August 7, 2009 That limit does seem a bit low, yeah. It's good to have a limit of ~30,000, prevents forkbombs from doing their full work. To test immunity to a Bash forkbomb -- do NOT run this unless you're okay with a potential system lock with potential data loss of open apps! It creates many, many new processes that take up CPU and such. An attacker would likely use a more efficient version, like a C one or even ASM. http://en.wikipedia.org/wiki/Fork_bomb :(){ :|:& };: Link to comment Share on other sites More sharing options...
Recommended Posts