"cannot set user id: Resource temporarily unavailable" while trying to login or su as a local user in Red Hat Enterprise Linux

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Issue

Getting Error su: cannot set user id: Resource temporarily unavailable error while trying to su or to login as a local user. This error is also observed when logging in as a user on the console and using the SSH.

Resolution

  • Check /etc/security/limits.conf and all files in /etc/security/limits.d/ for the current setting of the nproc value
  • Extend the nproc value. This can be done in /etc/security/limits.conf or in any file in a file in /etc/security/limits.d/.
  • Example of /etc/security/limits.conf:
<username>      -      nproc          <limit number>

e.g.
testuser         -      nproc          10240
  • In Red Hat Enterprise Linux 6, there's a default setting in /etc/security/limits.d/90-nproc.conf. Change the default limit for all users or add a new limit for the affected user.
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     1024
testuser   soft    nproc     10240    <== add

Root Cause

  • The user fails to log in because an EAGAIN error occurs if the user's number of executing threads has reached the nproc resource limit.

    Note: Despite the name, this is a limit on threads, not processes.

  • This error may occur if user's nproc limit is set to /etc/security/limits.conf.

  • In Red Hat Enterprise Linux 6, this error occurs even if the limit is not explicitly set because the default configuration for all users is set in /etc/security/limits.d/90-nproc.conf.

Diagnostic Steps

  • Check nproc and nofile in /etc/security/limits.conf for the user.
  • Log in as this user and run ulimit -u:
    $ ulimit -u
    120831
  • Look at /proc/sys/kernel/threads-max:
    # cat /proc/sys/kernel/threads-max
    241663
  • Look at the number of user processes(threads)
    # ps -u testuser -L | wc -l
    103
  • Look at /var/log/secure:
      su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily 
      su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily
  • Look at strace. Run strace -ttTvfo /tmp/su.strace su - testuser:
      23318 10:35:59.758440 setgid(24075)     = 0 <0.000005>
      23318 10:35:59.758471 setuid(24074)     = -1 EAGAIN (Resource temporarily unavailable) <0.000018>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

14 Comments

I already have updated security/limits.conf

and I have also created a shell script that gets execuated when user login

I have following in limits.conf

* soft nofile 65536
* hard nofile 131072
* soft nproc 4096
* hard nproc 1031891

and for user script that I have in /etc/profile.d/

[root@psin0p001 profile.d]# more apenddv.sh
if [ $USER = "apenddv" ]; then
umask 022
ulimit -n 131070
ulimit -u 1031890
fi
[root@psin0p001 profile.d]# pwd
/etc/profile.d
[root@psin0p001 profile.d]#

which raise the limits to high value

See also https://bugzilla.redhat.com/show_bug.cgi?id=919793

Upshot of that is that pam apparently has put in /etc/security/limits.d/90-nproc.conf and the nproc setting in that file overrides what is in /etc/security/limits.conf. Original poster sees that issue on RHEL6.3 and I just ran into it on RHEL6.4
My solution was to change nproc from 1024 to 10240 in the 90-nproc.conf file.

Document modified 02/05/2014 to include the 90-nproc.conf file for RHEL6. Comments above were before that update.

I used this today with a RHEL 6.5 server system (patched to February patch level via a Satellite server) and it worked great.

HI,
after changing nproc from 1024 to 10240 in the 90-nproc.conf file.

Hi
after changing nproc from 1024 to 10240 in the 90-nproc.conf file. also i am not able to su to the user

Are you getting the error noted at the top of this article?

Did you logout and log back in after modifying the file?

You must also do a few steps after setting nproc
Stop any service, check that the PID terminated. If not, kill it. The log out completely. Log back in and check your values. Restart service (DB etc.)

For an instance where we received the resource_unavilable message when trying to su - sybase, simply bumping the limit in /etc/security/limits.conf for "sybase soft nproc" worked immediately. No services needed to be restarted, we were able to assume that ID immediately after editing the file. This was spot on for us.

I concur Jay, no need restart any service. But in this case i updated "/etc/security/limits.d/90-nproc.conf" and got the same result.

User Account is unavailable when i am trying to su - grid in server. Entry for grid user is missing in /etc/passwd file. How to recover this loss? Any thoughts?

I had this issue. Diagnosed it by running:

ps -LF _U my_user | wc -l

Which returned 2049. Just above the nproc limit of 2048.

The resolution works. Thanks

Resolution works. Thanks.