Solved "su -m" vs. login classes

a rather basic question, but somehow I seem to be unable to solve it ...

After installing textproc/apache-solr and then starting it, it complains like this:

Code:
root@gwendolin:~ # service solr start
*** [WARN] ***  Your Max Processes Limit is currently 8499.
It should be set to 65000 to avoid operational disruption.
If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to false in your profile or solr.in.sh

Instead of disabling the warning, I decided to increase the maxprocs to the mentioned 65000. And so I created a new login class in login.conf(5) like this:
Code:
solr:\
        :maxproc=65000:

I then assigned the newly created login class to the solr user, so that pw showuser solr shows me this:

Code:
solr:*:161:161:solr:0:0:Apache Solr System:/var/db/solr:/usr/sbin/nologin

Upon restarting solr, the warning about the "Max Processes Limit" didn't go away. And so I checked with limits -U solr:
Code:
root@gwendolin:~ # limits -U solr
Resource limits for class solr:
  cputime              infinity secs
  filesize             infinity kB
  datasize             33554432 kB
  stacksize              524288 kB
  coredumpsize         infinity kB
  memoryuse            infinity kB
  memorylocked         infinity kB
  maxprocesses            65000
  openfiles              116847
  sbsize               infinity bytes
  vmemoryuse           infinity kB
  pseudo-terminals     infinity
  swapuse              infinity kB
  kqueues              infinity
  umtxp                infinity

Apparently my increased maxprocesses is ignored by the solr service script.

Investigating the script, I saw that it invokes the daemon using su -m solr /usr/local/solr/bin/solr start.

So my best guess is that su -m ... interferes with my updated maxprocs setting for the user. As far as I understand it, "su(1) -m" is supposed to "leave the environment unmodified". But I can hardly think this refers to the ulimit settings.

Obviously I am missing something very trivial here, but how then do I configure different ulimits for users lacking a login shell?
 
Set kern.maxprocperuid in /etc/sysctl.conf. The limit is limited by it (for lack of a better description).
Code:
     -u [val]        Select or set the maxproc resource limit.  The system-
                     wide limit on the maximum number of processes allowed per
                     UID can be viewed by examining the kern.maxprocperuid
                     sysctl(8) variable.  The maximum number of processes that
                     can be running simultaneously in the entire system is
                     limited to the value of the kern.maxproc sysctl(8)
                     variable.
See limits(1).
 
Back
Top