How to Permanently Set Ulimit Open Files Limit to 8192 for All Users in CentOS 7


3 views

Many sysadmins and developers struggle with permanently setting file descriptor limits in CentOS/RHEL 7 systems. The confusion stems from multiple configuration files that can affect the final limit:

  • /etc/security/limits.conf
  • /etc/security/limits.d/*.conf
  • systemd service unit files
  • PAM modules

The default open files limit (typically 1024) often causes issues for:

  • High-traffic web servers (Nginx/Apache)
  • Database servers (MySQL/PostgreSQL)
  • Java applications
  • Node.js applications
  • Any service handling many concurrent connections

Here's how to properly set the limit to 8192 system-wide:

1. System-wide Configuration

Edit or create the following file:

sudo vi /etc/security/limits.conf

Add these lines at the end:

* soft nofile 8192
* hard nofile 8192
root soft nofile 8192
root hard nofile 8192

2. Systemd Service Override (Critical Step)

For services started by systemd (most services in CentOS 7), create an override file:

sudo mkdir -p /etc/systemd/system.conf.d/
sudo vi /etc/systemd/system.conf.d/limits.conf

Add this content:

[Manager]
DefaultLimitNOFILE=8192

3. Apply Changes System-wide

After making these changes, you'll need to:

sudo systemctl daemon-reload
sudo reboot

After reboot, check the limits:

ulimit -n          # For current shell
cat /proc/$(pidof YOUR_SERVICE)/limits | grep "Max open files"

For specific services like MySQL or Nginx, you may need additional configuration:

MySQL Example

sudo systemctl edit mysqld

Add:

[Service]
LimitNOFILE=8192

Nginx Example

Edit /etc/nginx/nginx.conf:

worker_rlimit_nofile 8192;

If limits aren't applying:

  • Check journalctl: journalctl -xe
  • Verify PAM is loading limits: grep pam_limits.so /etc/pam.d/*
  • Check systemd's effective limits: systemctl show --property=DefaultLimitNOFILE

When administering CentOS 7 servers, properly configuring system resource limits often proves more complex than expected. The ulimit -n 8192 command only affects the current shell session, disappearing after logout. To implement this system-wide for all users, we need to modify multiple configuration layers.

Three critical files require modification:

/etc/security/limits.conf
/etc/systemd/system.conf
/etc/systemd/user.conf

1. Modifying limits.conf

Edit the core limits configuration:

sudo vi /etc/security/limits.conf

Add these lines at the end:

* soft nofile 8192
* hard nofile 8192
root soft nofile 8192
root hard nofile 8192

2. Adjusting Systemd Configuration

For services started via systemd (which bypasses PAM limits):

sudo vi /etc/systemd/system.conf

Uncomment and modify:

DefaultLimitNOFILE=8192

Repeat for user sessions:

sudo vi /etc/systemd/user.conf
DefaultLimitNOFILE=8192

3. Applying the Changes

After making these modifications, reload systemd and restart affected services:

sudo systemctl daemon-reload
sudo systemctl restart sshd  # Example service that needs restart

Verify the new limits from a new session:

ulimit -n
cat /proc/$(pidof your_service)/limits | grep "Max open files"

Common issues to check:

  • Services not restarted after configuration changes
  • Conflicting settings in /etc/sysctl.conf
  • SELinux context issues affecting configuration files

For critical services like Nginx or Apache, you might want to override system defaults:

# Example for Nginx service override
sudo systemctl edit nginx.service

[Service]
LimitNOFILE=16384