ngIRCd login class
ngIRCd is a network service that can open hundreds of network connections. As a result, it will need a special login class to accomodate its increased need for file descriptors and memory.
Prerequisites
Before beginning, read the login.conf guide and man page.
Service Login Class
For ngIRCd, we will create a new login class called the service login class for network services that need extra file descriptors and memory. Append this block to the end of /etc/login.conf:
service:\ :openfiles-cur=8192:\ :openfiles-max=8192:\ :openfiles=8192:\ :stacksize-cur=512M:\ :stacksize-max=512M:\ :maxproc-max=infinity:\ :maxproc-cur=8192:\ :tc=daemon:
WARNING: Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.
Now we change ngircd
's default login class to service
:
$ doas usermod -L service _ngircd
This can also be edited with a text editor using vipw.
To confirm that the login class has been changed, check /etc/master.passwd.
$ doas grep '^_ngircd' /etc/master.passwd _ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin
grep searches for the line that begins with ngircd
in /etc/master.passwd.
The 5th field should have the correct login class name:
$ doas grep '^_ngircd' /etc/master.passwd | cut -d : -f 5 service
NOTE: If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:
To delete:
$ doas rm /etc/login.conf.db
Checking Limits
You should confirm the login class has been configured correctly using ulimit.
If necessary, you may need temporarily change the login shell to ksh:
$ doas chsh -s /bin/ksh _ngircd
Next, we login with the login class znc:
$ doas su -c service _ngircd $ ulimit -a time(cpu-seconds) unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 33554432 stack(kbytes) 32768 lockedmem(kbytes) 329478 memory(kbytes) 985092 nofiles(descriptors) 4096 processes 1310
ulimit -a
displays all process limits for our current user.
WARNING: If limits are not what you expect, you may have an error in your configuration!
Press ctrl+d to signal the end of file to logout
Now, restore the login shell to nologin:
$ doas chsh -s /sbin/nologin _ngircd
Restart ngircd
In order for changes to take effect, you must restart ngircd:
$ doas rcctl restart ngircd
WARNING: Restarting ngircd will cause all users on the server to disconnect. Make sure to warn users in advance.