"Resource temporarily unavailable" while trying to login or su as a local user in Red Hat Enterprise Linux

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 4, 5, 6, 7 and 8

Issue

  • Getting the error below while trying to su or to login as a local user.

    su: cannot set user id:Resource temporarily unavailable

    or

    su: failed to execute /bin/bash: Resource temporarily unavailable

  • This error is also observed when logging in as a user on the console and using the SSH.

Resolution

  • Check /etc/security/limits.conf and all files in /etc/security/limits.d/ for the current setting of the nproc value
  • Extend the nproc value. This can be done in /etc/security/limits.conf or in any file in a file in /etc/security/limits.d/.

  • Example of /etc/security/limits.conf:

    <username>      -      nproc          <limit number>

e.g.
testuser         -      nproc          10240

  • In Red Hat Enterprise Linux 6, there's a default setting in /etc/security/limits.d/90-nproc.conf. Change the default limit for all users or add a new limit for the affected user.

    # Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
testuser   soft    nproc     10240    <== add

Root Cause

  • The user fails to log in because an EAGAIN error occurs if the user's number of executing threads has reached the nproc resource limit. Note: Despite the name, this is a limit on threads, not processes.
  • This error may occur if user's nproc limit is set to /etc/security/limits.conf.
  • In Red Hat Enterprise Linux 6, this error occurs even if the limit is not explicitly set because the default configuration for all users is set in /etc/security/limits.d/90-nproc.conf.

Diagnostic Steps

  • Check nproc and nofile in /etc/security/limits.conf for the user.

  • Log in as this user and run ulimit -u:

    $ ulimit -u
120831

  • Look at /proc/sys/kernel/threads-max:

    # cat /proc/sys/kernel/threads-max
241663

  • Look at the number of user processes(threads)

    # ps -u testuser -L | wc -l
103

  • Look at /var/log/secure:

    su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily 
su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily

  • Look at strace. Run strace -ttTvfo /tmp/su.strace su - testuser:

    23318 10:35:59.758440 setgid(24075)     = 0 <0.000005>
23318 10:35:59.758471 setuid(24074)     = -1 EAGAIN (Resource temporarily unavailable) <0.000018>
  • Component
  • pam

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments