{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 淡お忘 的问题《inotify FD - why is the limit per user id and not》','https://www.manongdao.com/q-795876.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In Linux, limit on the number of inotify instances a process can have open is limited by a per user-id max number, specified in /proc/sys/fs/inotify/max_user_instances
Natural thing would be to limit it per process, like file FDs for example. Since the inotify FDs are limited by the user id, its more likely to hit the limit on servers where many processes might run with the same user id. But I guess there has to be a reason for this ?
This is a programming question because I have to use inotify in my code and want to set the right limit for the system.
The reason is to prevent non-root users DoSing the system by watching lots of files using
inotify.inotifystructures require non-negligible amount of memory to maintain (and it can't be swapped out to disk), so there needs to be some limit on how much non-privileged can commit.epollused to have similar restrictions (max_user_instancesandmax_user_watches), although in the endmax_user_instanceswas removed andmax_user_watcheswas just set to be 4% of memory.A similar patch should probably be submitted for inotify, but hasn't been so far.
File descriptors are limited on a per-process basis for a completely different reason: when a process starts a file descriptor table is allocated and its size is proportional to the maximum allowed number of file descriptors. Keeping this as small as possible reduces the per-process memory overhead.