Home » Debian, How-to, Linux, Newbie, Shell, Tuning

Core dumps under Linux

27 February 2009 3 Comments

If you reached this page is possible to know what a core dump is, but I will explain again (in a very short version) for the new “kids” on the Linux who also is possible to reach this page … it sounds like a paradox … whatever:

Core dump is a file what contain the current state of a process and its memory saved when a program crashes. It can be analysed with gdb but you need programming skills to understand and develop that,

Core Dumps are very useful in a development server but not in a production one. So I will show you how to configure core dumps and also how disable them.

1. Enabling and Configuring core dumps on a Linux system
1.1 Disable the limit for the maximum size of a core dump file

To see the current setup of maximum size of a core dump just run:

[root@randombugs ~]# ulimit -c
0

In this case the limit is 0 and that means you will not get any core dump.
You will never know what is the maximum size of a core (can be very very big) so in a development environment you can set it to unlimited. To do that just run

[root@randombugs ~]# ulimit -c unlimited

If you want to be a permanent setting just open /etc/security/limits.conf and add:

* hard core unlimited

1.2 Saving core dumps in a specific folder

Usually the core dumps are saved on the parent folder of the application and that means you will have all this core dumps spread on different places. The best way is to set up a folder where to save all this core dumps. To do that just run:

[root@randombugs ~]# mkdir -p /var/log/dumps
[root@randombugs ~]# chmod -R 1777 /var/log/dumps
[root@randombugs ~]# echo “/var/log/dumps/core.%e.%p” > /proc/sys/kernel/core_pattern

Now all the core dumps will be saved on /var/logs/dumps/. %e means the application name and %p means the pid of the application.

1.3 Enable core dumps for setuid and setgid processes

Under some systems you will set up this on fs.suid_dumpable and under others you can set it on kernel.suid_dumpable
So if you get an error like “error: “fs.suid_dumpable” is an unknown key” when you are running

[root@randombugs ~]#sysctl -w fs.suid_dumpable=2

then your key is kernel.suid_dumpable and you will need to run:

[root@randombugs ~]# sysctl -w kernel.suid_dumpable=2

Enabling this can be a security issue so don’t let it on a production environment.
Also you can made this change permanently if you edit /etc/sysctl.conf and add

fs.suid_dumpable=2

After you added it just run

[root@randombugs ~]# sysctl -p

2. Disable core dumps on a Linux system

Edit /etc/security/limits.conf and add

* hard core 0

Edit /etc/sysctl.conf and add or edit the following key

fs.suid_dumpable = 0

and now run:

[root@randombugs ~]# sysctl -p

Setting a soft limit for core dumps is easy, just run in shell:

[root@randombugs ~]# ulimit -S -c 0

Good Luck !


3 Comments »

  • HorseParts said:

    I’ve been a fan of this site for awhile. Never posted until now! =). We should become partners. We have a lot in common.

    # 25 April 2010 at 1:09 am
  • Krion said:

    For the “Saving core dumps in a specific folder” parts, you can specify it in sysctl.conf in order to have it automatically setup at boot

    #sysctl.conf
    kernel.core_pattern = /var/log/dumps/core.%e.%p

    # 2 December 2010 at 1:09 pm
  • Fake said:

    Core dumps are absolutely of use in a Prod environment when something goes wrong.

    # 9 January 2013 at 8:15 pm

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.