ngIRCd login class

ngIRCd is a network service that can open hundreds of network connections. As a result, it will need a special login class to accommodate its increased need for file descriptors and memory.

Prerequisites

Before beginning, read the login.conf guide and man page.

Service Login Class

For ngIRCd, we will create a new login class called the service login class for network services that need extra file descriptors and memory. Append this block to the end of /etc/login.conf:

service:\
	:openfiles-cur=8192:\
	:openfiles-max=8192:\
	:openfiles=8192:\
	:stacksize-cur=512M:\
	:stacksize-max=512M:\
	:maxproc-max=infinity:\
	:maxproc-cur=8192:\
	:tc=daemon:

WARNING: Use tabs, not spaces, in login.conf. Spaces are not parsed correctly, so services will not get the file resources they need.

Now we change ngircd's default login class to service:

$ doas usermod -L service _ngircd

This can also be edited with a text editor using vipw.

To confirm that the login class has been changed, check /etc/master.passwd.

$ doas grep '^_ngircd' /etc/master.passwd
_ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin

grep searches for the line that begins with _ngircd in /etc/master.passwd.

The 5th field should have the correct login class name:

$ doas grep '^_ngircd' /etc/master.passwd | cut -d : -f 5
service

NOTE: If /etc/login.conf.db exists, make sure to delete it (or recreate the database); otherwise login.conf changes won't apply.

To delete:

$ doas rm /etc/login.conf.db
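
The three checks described above (tab indentation in the class block, the login class field of the account, and a stale login.conf.db) can be scripted. The following is an added example, not part of the original guide; the function names are hypothetical and the sample files are constructed, so it runs against copies rather than the live /etc files:

```sh
#!/bin/sh
# Added example: audit a login class on copies of login.conf and master.passwd.

# Print how many capability lines of class $1 in file $2 start with a space.
space_indented_caps() {
	awk -v cls="$1" '
		# class header line: the block continues if it ends in a backslash
		index($0, cls ":") == 1 { inblk = ($0 ~ /\\$/); next }
		inblk && /^[ \t]/ {
			if (/^ /) bad++                 # space where a tab belongs
			if ($0 !~ /\\$/) inblk = 0      # no trailing backslash: last line
			next
		}
		{ inblk = 0 }
		END { print bad + 0 }
	' "$2"
}

# Print the login class (5th field) of account $1 in master.passwd copy $2.
account_class() {
	awk -F: -v u="$1" '$1 == u { print $5 }' "$2"
}

# audit_login_class CLASS USER LOGIN_CONF MASTER_PASSWD; returns 1 on any finding.
audit_login_class() {
	rc=0
	n=$(space_indented_caps "$1" "$3")
	[ "$n" -eq 0 ] || { echo "$n line(s) of '$1' are indented with spaces"; rc=1; }
	[ "$(account_class "$2" "$4")" = "$1" ] || { echo "$2 is not in class '$1'"; rc=1; }
	# A login.conf.db older than login.conf means the edits are not in effect.
	if [ -f "$3.db" ] && [ "$3" -nt "$3.db" ]; then
		echo "$3.db is older than $3: delete or recreate it"; rc=1
	fi
	return "$rc"
}

# Constructed sample input: the third line uses spaces instead of a tab.
tmp=$(mktemp -d)
printf 'service:\\\n\t:openfiles-cur=8192:\\\n    :openfiles-max=8192:\\\n\t:tc=daemon:\n' > "$tmp/login.conf"
echo '_ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin' > "$tmp/master.passwd"
: > "$tmp/login.conf.db"
touch -t 202001010000 "$tmp/login.conf.db"   # make the database look stale

audit_login_class service _ngircd "$tmp/login.conf" "$tmp/master.passwd" ||
	echo "fix the findings above before restarting the service"
```

On a real system, /etc/master.passwd is readable only by root, so the audit has to run under doas or against a copy.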

Checking Limits

You should confirm the login class has been configured correctly using ulimit.

If necessary, you may need to temporarily change the login shell to ksh:

$ doas chsh -s /bin/ksh _ngircd

Next, we log in with the login class service:

$ doas su -c service _ngircd
$ ulimit -a
time(cpu-seconds)    unlimited
file(blocks)         unlimited
coredump(blocks)     unlimited
data(kbytes)         33554432
stack(kbytes)        32768
lockedmem(kbytes)    329478
memory(kbytes)       985092
nofiles(descriptors) 4096
processes            1310

ulimit -a displays all process limits for our current user.

WARNING: If limits are not what you expect, you may have an error in your configuration!

Press ctrl+d to signal the end of file and log out.

Now, restore the login shell to nologin:

$ doas chsh -s /sbin/nologin _ngircd

Restart ngircd

In order for changes to take effect, you must restart ngircd:

$ doas rcctl restart ngircd

WARNING: Restarting ngircd will cause all users on the server to disconnect. Make sure to warn users in advance.