su: cannot set user id: Resource temporarily unavailable
I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the error in the subject: [user1@cent6.4box ~]$ sudo su - user2 su: cannot set user id: Resource temporarily unavailable [user1@cent6.4box ~]$ The limits.conf file has the following entries: * soft nofile 10 * hard nofile 10 * soft nproc 8192 * hard nproc 32767 The current usage for pengine is: [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l 1108 [user1@cent6.4box ~]$ lsof | grep user2 | wc -l 1558 [user1@cent6.4box ~]$ While these are the majority of the processes and files in use on the system, they are nowhere near the limits. I even increased the limits 10-fold and that has not worked. I'm kind of lost here. Usually the error indicates files or processes over the limit but here... not so much. Any ideas? Brian Chabot ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
Check shared memory and semaphores. Its probable that some other application is swallowing the resource sudo needs. This is a common method of DOS attacks and 'bot nets. --Bruce On Mon, 2014-03-10 at 10:05 -0400, Brian Chabot wrote: I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the error in the subject: [user1@cent6.4box ~]$ sudo su - user2 su: cannot set user id: Resource temporarily unavailable [user1@cent6.4box ~]$ The limits.conf file has the following entries: * soft nofile 10 * hard nofile 10 * soft nproc 8192 * hard nproc 32767 The current usage for pengine is: [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l 1108 [user1@cent6.4box ~]$ lsof | grep user2 | wc -l 1558 [user1@cent6.4box ~]$ While these are the majority of the processes and files in use on the system, they are nowhere near the limits. I even increased the limits 10-fold and that has not worked. I'm kind of lost here. Usually the error indicates files or processes over the limit but here... not so much. Any ideas? Brian Chabot ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
Might be semaphores? On 3/10/2014 10:05 AM, Brian Chabot wrote: I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the error in the subject: [user1@cent6.4box ~]$ sudo su - user2 su: cannot set user id: Resource temporarily unavailable [user1@cent6.4box ~]$ The limits.conf file has the following entries: * soft nofile 10 * hard nofile 10 * soft nproc 8192 * hard nproc 32767 The current usage for pengine is: [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l 1108 [user1@cent6.4box ~]$ lsof | grep user2 | wc -l 1558 [user1@cent6.4box ~]$ While these are the majority of the processes and files in use on the system, they are nowhere near the limits. I even increased the limits 10-fold and that has not worked. I'm kind of lost here. Usually the error indicates files or processes over the limit but here... not so much. Any ideas? Brian Chabot ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
[user1@cent6.4box ~]$ ipcs -m -- Shared Memory Segments keyshmid owner perms bytes nattch status 0x6c000803 98304 zabbix 600995952 5 [user1@cent6.4box ~]$ ipcs -s -- Semaphore Arrays keysemid owner perms nsems 0x 0 root 6001 0x 65537 root 6001 0x 131074 root 6001 0x7a000803 262147 zabbix 60010 [user1@cent6.4box ~]$ Nothing is jumping out at me here... Brian Brian Chabot On Mon, Mar 10, 2014 at 10:15 AM, Bruce Dawson j...@codemeta.com wrote: Check shared memory and semaphores. Its probable that some other application is swallowing the resource sudo needs. This is a common method of DOS attacks and 'bot nets. --Bruce On Mon, 2014-03-10 at 10:05 -0400, Brian Chabot wrote: I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the error in the subject: [user1@cent6.4box ~]$ sudo su - user2 su: cannot set user id: Resource temporarily unavailable [user1@cent6.4box ~]$ The limits.conf file has the following entries: * soft nofile 10 * hard nofile 10 * soft nproc 8192 * hard nproc 32767 The current usage for pengine is: [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l 1108 [user1@cent6.4box ~]$ lsof | grep user2 | wc -l 1558 [user1@cent6.4box ~]$ While these are the majority of the processes and files in use on the system, they are nowhere near the limits. I even increased the limits 10-fold and that has not worked. I'm kind of lost here. Usually the error indicates files or processes over the limit but here... not so much. Any ideas? Brian Chabot ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
On 2014-03-10 10:05, Brian Chabot wrote: I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the error in the subject: [user1@cent6.4box ~]$ sudo su - user2 su: cannot set user id: Resource temporarily unavailable [user1@cent6.4box ~]$ This is where, when desperate, I whip out strace: strace -s 1024 -f -o /tmp/sudo_strace.log sudo su - user2 This will generate a logfile with all the system calls made by the command; it takes some practice to parse strace output reliably, as there are a bunch of red herrings, e.g., 3490 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory) Which is another way of saying The file /etc/ld.so.preload doesn't exist -- though it may or may not be optional. I would dive into the bottom of the log file, then search backward for your error string; from that, I'd look backward for something that *isn't* a red herring. strace is a wonderful tool, but it's a bit like a sledgehammer for flyswatting, and I only break it out when I'm completely stumped. Good luck! -Ken The limits.conf file has the following entries: * soft nofile 10 * hard nofile 10 * soft nproc 8192 * hard nproc 32767 The current usage for pengine is: [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l 1108 [user1@cent6.4box ~]$ lsof | grep user2 | wc -l 1558 [user1@cent6.4box ~]$ While these are the majority of the processes and files in use on the system, they are nowhere near the limits. I even increased the limits 10-fold and that has not worked. I'm kind of lost here. Usually the error indicates files or processes over the limit but here... not so much. Any ideas? Brian Chabot ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
On 3/10/2014 10:20 AM, Brian Chabot wrote: Also, disk space and RAM are aplenty... Is there any way to tell *which* resource is unavailable? Brian Chabot Two other thoughts: - Is SELinux enabled? Check the logs and see if there's anything strange there. - try using strace to see which call returns the error. It might give you a clue about what it's trying to do. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
Another vote for strace. Depending on circumstances I sometimes first startup a separate session thus: script /tmp/tediousDebugSession.log ...and then just allow the strace+program command to let fly via stdout. It can be a mess but having program output intermixed with the resultant strace spewage can sometimes help when trying to divine which parts are relevant. P.S. It's jibe not jive... ;- ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Systems guy available (Chelmsford, MA)
I'm a generalist looking for work (SysEng/SysAdmin/other?) within reasonable commuting distance from Chelmsford, MA. Please email me if you have any leads or want further info... Thanks, --Michael O'Donnell ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
Not directly related to the issue, but I thought I'd not that you don't have to have sudo exec an su with the sudo su - user, you can get an interactive shell from sudo directly: sudo -i -u user -i says you want an interactive login shell. If you don't specify -u username then it assumes root. -Shawn On Mon, Mar 10, 2014 at 10:44 AM, Brian Chabot br...@brianchabot.orgwrote: THANK YOU! I found the error. Thanks to Ken for the strace idea, I looked through the resultant log and found this line: 9519 read(8, # Default limit for number of user's processes to prevent\n# accidental fork bombs.\n# See rhbz #432903 for reasoning.\n\n* softnproc 1024\nroot soft nproc unlimited\n, 4096) = 191 That didn't jive with /etc/security/limits.conf so it stood out in my visual scan. Looking up a few lines to see where it got that from I see: 9519 open(/etc/security/limits.d/90-nproc.conf, O_RDONLY) = 8 Ok, so /etc/security/limits.d/90-nproc.conf over-rules /etc/security/limits.conf Good to know. I raised the nproc limit and the su- worked. Thanks again to all of you. Brian Brian Chabot On Mon, Mar 10, 2014 at 10:32 AM, Mark Komarinski mkomarin...@wayga.org wrote: On 3/10/2014 10:20 AM, Brian Chabot wrote: Also, disk space and RAM are aplenty... Is there any way to tell *which* resource is unavailable? Brian Chabot Two other thoughts: - Is SELinux enabled? Check the logs and see if there's anything strange there. - try using strace to see which call returns the error. It might give you a clue about what it's trying to do. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/