All Products
Search

This Product

    :"Could not set limit for 'nofile ': Operation not permitted" is displayed when you log on to an ECS instance through SSH

    Document Center

    :"Could not set limit for 'nofile ': Operation not permitted" is displayed when you log on to an ECS instance through SSH

    Last Updated:Dec 29, 2020

    Problem description

    After you modify the number of accessible files in the limits.conf file, the following message appears when you log on to the ECS instance over SSH:

    pam_limits(crond:session): Could not set limit for 'nofile': Operation not permitted

    Cause

    To modify the number of files that can be opened, you can generally modify the limits.conf of the nofile file. However, if you modify this value too large, you will not be able to log on to SSH because the number of files that can be opened will exceed the number of files that can be opened by the kernel.

    Solution

    Alibaba Cloud reminds you that:

    • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
    • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
    • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.
    1. We recommend that you modify the number of file (s) that can be opened by the kernel first. Modify the /etc/sysctl.conf and fs.file-max values in fs.nr_open.
      Note:
      • fs.file-max: the number of files that can be opened by all processes at the kernel level.
      • fs.nr_open: the number of files that can be opened by a single process at the kernel level.

    2. After the modification, edit the /etc/security/limits.conf file and modify the configuration as follows. In the following example, the value is changed to 65535. The specific value is subject to the actual environment. 
      * soft nofile 65535
      * hard nofile 65535
    3. Restart the system and run the following commands to verify that the fs.file-max and fs.nr_open values are modified: 
      cat /proc/sys/fs/file-max
      cat /proc/sys/fs/nr_open

    Application scope

    • Elastic Compute Service