su: cannot set user id: Resource temporarily unavailable

-

Issue

Getting Error su: cannot set user id: Resource temporarily unavailable error while trying to su or to login as a local user. This error is also observed when logging in as a user on the console and using the SSH.

Resolution

  • Check /etc/security/limits.conf and all files in /etc/security/limits.d/ for the current setting of the nproc value
  • Extend the nproc value. This can be done in /etc/security/limits.conf or in any file in a file in /etc/security/limits.d/.
  • Example of /etc/security/limits.conf:
<username>      -      nproc          <limit number>    e.g.  testuser         -      nproc          10240
  • In Red Hat Enterprise Linux 6, there's a default setting in /etc/security/limits.d/90-nproc.conf. Change the default limit for all users or add a new limit for the affected user.
# Default limit for number of user's processes to prevent  # accidental fork bombs.  # See rhbz #432903 for reasoning.    *          soft    nproc     1024  testuser   soft    nproc     10240    <== add

Root Cause

  • The user fails to log in because an EAGAIN error occurs if the user's number of executing threads has reached the nproc resource limit.

    Note: Despite the name, this is a limit on threads, not processes.

  • This error may occur if user's nproc limit is set to /etc/security/limits.conf.

  • In Red Hat Enterprise Linux 6, this error occurs even if the limit is not explicitly set because the default configuration for all users is set in /etc/security/limits.d/90-nproc.conf.

Diagnostic Steps

  • Check nproc and nofile in /etc/security/limits.conf for the user.
  • Log in as this user and run ulimit -u:
    $ ulimit -u      120831
  • Look at /proc/sys/kernel/threads-max:
    # cat /proc/sys/kernel/threads-max      241663
  • Look at the number of user processes(threads)
    # ps -u testuser -L | wc -l      103
  • Look at /var/log/secure:
      su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily         su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily
  • Look at strace. Run strace -ttTvfo /tmp/su.strace su - testuser:
      23318 10:35:59.758440 setgid(24075)     = 0 <0.000005>        23318 10:35:59.758471 setuid(24074)     = -1 EAGAIN (Resource temporarily unavailable) <0.000018>






Popular posts from this blog

Shrink you container size up to 95%.

-
BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment. https://github.com/negativa-ai/BLAFS?tab=readme-ov-file
Read more

alma linux: dnf Module yaml error: Unexpected key in data

-
While applying recent updates to a server running Rocky Linux 8, an error presented itself. Module yaml error: Unexpected key in data: static_context [line 9 col 3] Module yaml error: Unexpected key in data: static_context [line 9 col 3] The solution turned out to be a simple one. Update the libmodulemd first to correct the problem then perform the dnf updates as usual. dnf update libmodulemd For a detailed explanation as to the cause of this problem.
Read more