Hi, would you like to add RLIMIT_NPROC setting to nginx.conf? Because I do not want/need nginx child run any command/fork so, I want set RLIMIT_NPROC=0 to nginx child process, but nginx ignore /etc/login.conf setting.
Thank you. Index: src/core/nginx.c =================================================================== RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v retrieving revision 1.8 diff -u -u -r1.8 nginx.c --- src/core/nginx.c 15 May 2013 18:52:00 -0000 1.8 +++ src/core/nginx.c 21 Apr 2014 10:49:29 -0000 @@ -104,6 +104,13 @@ 0, NULL }, + { ngx_string("worker_rlimit_nproc"), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + 0, + offsetof(ngx_core_conf_t, rlimit_nproc), + NULL }, + { ngx_string("worker_rlimit_nofile"), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, ngx_conf_set_num_slot, @@ -963,6 +970,7 @@ ccf->worker_processes = NGX_CONF_UNSET; ccf->debug_points = NGX_CONF_UNSET; + ccf->rlimit_nproc = NGX_CONF_UNSET; ccf->rlimit_nofile = NGX_CONF_UNSET; ccf->rlimit_core = NGX_CONF_UNSET; ccf->rlimit_sigpending = NGX_CONF_UNSET; Index: src/core/ngx_cycle.h =================================================================== RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v retrieving revision 1.5 diff -u -u -r1.5 ngx_cycle.h --- src/core/ngx_cycle.h 1 Jun 2013 16:12:54 -0000 1.5 +++ src/core/ngx_cycle.h 21 Apr 2014 10:49:29 -0000 @@ -79,6 +79,7 @@ ngx_int_t worker_processes; ngx_int_t debug_points; + ngx_int_t rlimit_nproc; ngx_int_t rlimit_nofile; ngx_int_t rlimit_sigpending; off_t rlimit_core; Index: src/os/unix/ngx_process_cycle.c =================================================================== RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v retrieving revision 1.12 diff -u -u -r1.12 ngx_process_cycle.c --- src/os/unix/ngx_process_cycle.c 15 May 2013 18:52:01 -0000 1.12 +++ src/os/unix/ngx_process_cycle.c 21 Apr 2014 10:49:30 -0000 @@ -950,6 +950,17 @@ ccf->username, ccf->group); } + if (ccf->rlimit_nproc != NGX_CONF_UNSET) { + rlmt.rlim_cur = (rlim_t) ccf->rlimit_nproc; + rlmt.rlim_max = (rlim_t) ccf->rlimit_nproc; + + if (setrlimit(RLIMIT_NPROC, &rlmt) == -1) { + ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, + "setrlimit(RLIMIT_NPROC, %i) failed", + ccf->rlimit_nproc); + } + } + if (setuid(ccf->user) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "setuid(%d) failed", ccf->user);
Index: src/core/nginx.c =================================================================== RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v retrieving revision 1.8 diff -u -u -r1.8 nginx.c --- src/core/nginx.c 15 May 2013 18:52:00 -0000 1.8 +++ src/core/nginx.c 21 Apr 2014 10:49:29 -0000 @@ -104,6 +104,13 @@ 0, NULL }, + { ngx_string("worker_rlimit_nproc"), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + 0, + offsetof(ngx_core_conf_t, rlimit_nproc), + NULL }, + { ngx_string("worker_rlimit_nofile"), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, ngx_conf_set_num_slot, @@ -963,6 +970,7 @@ ccf->worker_processes = NGX_CONF_UNSET; ccf->debug_points = NGX_CONF_UNSET; + ccf->rlimit_nproc = NGX_CONF_UNSET; ccf->rlimit_nofile = NGX_CONF_UNSET; ccf->rlimit_core = NGX_CONF_UNSET; ccf->rlimit_sigpending = NGX_CONF_UNSET; Index: src/core/ngx_cycle.h =================================================================== RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v retrieving revision 1.5 diff -u -u -r1.5 ngx_cycle.h --- src/core/ngx_cycle.h 1 Jun 2013 16:12:54 -0000 1.5 +++ src/core/ngx_cycle.h 21 Apr 2014 10:49:29 -0000 @@ -79,6 +79,7 @@ ngx_int_t worker_processes; ngx_int_t debug_points; + ngx_int_t rlimit_nproc; ngx_int_t rlimit_nofile; ngx_int_t rlimit_sigpending; off_t rlimit_core; Index: src/os/unix/ngx_process_cycle.c =================================================================== RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v retrieving revision 1.12 diff -u -u -r1.12 ngx_process_cycle.c --- src/os/unix/ngx_process_cycle.c 15 May 2013 18:52:01 -0000 1.12 +++ src/os/unix/ngx_process_cycle.c 21 Apr 2014 10:49:30 -0000 @@ -950,6 +950,17 @@ ccf->username, ccf->group); } + if (ccf->rlimit_nproc != NGX_CONF_UNSET) { + rlmt.rlim_cur = (rlim_t) ccf->rlimit_nproc; + rlmt.rlim_max = (rlim_t) ccf->rlimit_nproc; + + if (setrlimit(RLIMIT_NPROC, &rlmt) == -1) { + ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, + "setrlimit(RLIMIT_NPROC, %i) failed", + ccf->rlimit_nproc); + } + } + if (setuid(ccf->user) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "setuid(%d) failed", ccf->user);