我在 Apache 的错误日志中看到以下条目
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
[Mon Jul 04 13:39:27 2011] [alert] Child 13286 returned a Fatal error... Apache is exiting!
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 1024
apache soft nproc 8800
apache hard nproc 65000
#Apache conf info
<IfModule prefork.c>
StartServers 80
MinSpareServers 100
MaxSpareServers 101
ServerLimit 2100
MaxClients 2100
MaxRequestsPerChild 3000
</IfModule>
答案1
Apache 以 root 身份运行,然后它变为 apache 用户。apache 用户的 nproc 设置不起作用,请尝试增加所有用户的 nproc 设置:
* soft nproc 8000
可以在 90-nproc.conf 文件上执行此操作,也可以注释掉它并在 /etc/security/limits.conf 文件上执行此操作。
答案2
/etc/security/limits.d或中定义的限制limits.conf不适用于调用 的程序setuid,除非在 PAM 模块中另有规定。
您可以通过添加以下行来启用此行为:
session required pam_limits.so
这些文件:
- /etc/pam.d/common-session
- /etc/pam.d/common-session-noninteractive