Matt Nuzum wrote: <snip> > Apr 2 15:45:03 www proftpd[16706]: Unable to open password file > /etc/passwd for reading: Too many open files in system <snip> > Apr 1 04:43:56 www kernel: VM: do_try_to_free_pages failed for > lcdstop... <snip> > Any suggestions or comments? On a scale of 1-10, where 1 is "no > problem-o," and 10 is "It's gonna blow!", where am I?
Depending on your point of view, 1 or 10 :) It isn't - necessarily - a security problem, it simply means (in combination with the VM errors) that you're asking your RaQ to do Too Much. You can tune your RaQ by familiarising yourself with the various sysctls in /proc/, the most pertinent ones right here being: /proc/sys/fs/file-max /proc/sys/fs/file-nr The first one shows the open file limit, the second the actual state: /proc/sys/fs/file-max: 4096 /proc/sys/fs/file-nr: 1631 889 4096 So the limit on this (arbitrarily chosen non-Cobalt machine) is 4096 files open. Right now it has 889, and has peaked at 1631. To increase it, do: echo "8192" > /proc/sys/fs/file-max __BUT__ be very careful - if you already have VM problems I would not recommend doing so, since more open files almost always equates to greater RAM consumption. YMMV, of course. It's worth looking to see what has all those files open in the first place - you may often find it's badly-written CGI scripts, for example, which lie around and never quit. Of course, if you have a heavily-loaded server with a banner exchange scheme on it, that might affect it to. Guess who's seen that one a few times? ;-) Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
