Busy WebServer Apache bombing and seems to not obey ulimit set for it

Question

I am seeing the following entries in Apache's error log

[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
[Mon Jul 04 13:39:27 2011] [alert] Child 13286 returned a Fatal error... Apache is exiting!
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48
[Mon Jul 04 13:39:27 2011] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 48

cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
apache          soft    nproc           8800
apache          hard    nproc           65000


#Apache conf info 

<IfModule prefork.c>
StartServers       80
MinSpareServers    100
MaxSpareServers   101
ServerLimit     2100
MaxClients      2100
MaxRequestsPerChild  3000
</IfModule>

Answer 1

Apache runs as root, and then it suid to the apache user. The nproc setting for the apache user will not work, try increasing the nproc setting for all users:

*   soft   nproc   8000

Either do this on the 90-nproc.conf file, or comment it and do it on the /etc/security/limits.conf file.

Answer 2

Limits defined in /etc/security/limits.d or limits.conf will not apply to programs which call setuid, unless it is specified so in the PAM modules.

You can enable this behavior by adding the line:

session required pam_limits.so

to these files:

• /etc/pam.d/common-session
• /etc/pam.d/common-session-noninteractive