su: cannot set user id: Resource temporarily unavailable

-

Issue

Getting Error su: cannot set user id: Resource temporarily unavailable error while trying to su or to login as a local user. This error is also observed when logging in as a user on the console and using the SSH.

Resolution

  • Check /etc/security/limits.conf and all files in /etc/security/limits.d/ for the current setting of the nproc value
  • Extend the nproc value. This can be done in /etc/security/limits.conf or in any file in a file in /etc/security/limits.d/.
  • Example of /etc/security/limits.conf:
<username>      -      nproc          <limit number>    e.g.  testuser         -      nproc          10240
  • In Red Hat Enterprise Linux 6, there's a default setting in /etc/security/limits.d/90-nproc.conf. Change the default limit for all users or add a new limit for the affected user.
# Default limit for number of user's processes to prevent  # accidental fork bombs.  # See rhbz #432903 for reasoning.    *          soft    nproc     1024  testuser   soft    nproc     10240    <== add

Root Cause

  • The user fails to log in because an EAGAIN error occurs if the user's number of executing threads has reached the nproc resource limit.

    Note: Despite the name, this is a limit on threads, not processes.

  • This error may occur if user's nproc limit is set to /etc/security/limits.conf.

  • In Red Hat Enterprise Linux 6, this error occurs even if the limit is not explicitly set because the default configuration for all users is set in /etc/security/limits.d/90-nproc.conf.

Diagnostic Steps

  • Check nproc and nofile in /etc/security/limits.conf for the user.
  • Log in as this user and run ulimit -u:
    $ ulimit -u      120831
  • Look at /proc/sys/kernel/threads-max:
    # cat /proc/sys/kernel/threads-max      241663
  • Look at the number of user processes(threads)
    # ps -u testuser -L | wc -l      103
  • Look at /var/log/secure:
      su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily         su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily
  • Look at strace. Run strace -ttTvfo /tmp/su.strace su - testuser:
      23318 10:35:59.758440 setgid(24075)     = 0 <0.000005>        23318 10:35:59.758471 setuid(24074)     = -1 EAGAIN (Resource temporarily unavailable) <0.000018>






Popular posts from this blog

cognos content store database tables

-
CMSYSPROPS This table has the Content Store Version. CMOBJNAMES This table has the names of all the objects in the content store. CMOBJPROPS1 Users, Roles \ Group Distribution list and contact information such as Email, phone number, Fax Given name etc are stored in this table. CMOBJPROPS2 Report scheduling information is stored. This table has fields like hour, day week etc CMOBJPROPS3 Stores Screen Tip and Object description provided while creating the objects are stored here CMOBJPROPS4 Stores the printer paper setting details like height and width of A3 , A4 , letter and 11X17 paper orientations CMOBJPROPS6 Has the details of the all packages which were published using the FM. CMOBJPROPS7 This table stores the XML of all reports and models. This is basically to maintain the metadata about the structure of the reports and models. CMOBJPROPS10 Contact information is stored in this table. This table has columns like Contact Email and C...
Read more

alma linux: dnf Module yaml error: Unexpected key in data

-
While applying recent updates to a server running Rocky Linux 8, an error presented itself. Module yaml error: Unexpected key in data: static_context [line 9 col 3] Module yaml error: Unexpected key in data: static_context [line 9 col 3] The solution turned out to be a simple one. Update the libmodulemd first to correct the problem then perform the dnf updates as usual. dnf update libmodulemd For a detailed explanation as to the cause of this problem.
Read more

Shrink you container size up to 95%.

-
BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment. https://github.com/negativa-ai/BLAFS?tab=readme-ov-file
Read more