su: cannot set user id: Resource temporarily unavailable問題解決

操作環境

  SuSE11sp1

問題現象

  執行su - test命令切換失敗，提示"su: cannot set user id: Resource temporarily unavailable"

問題分析

  猜測是test使用資源超過系統的限制（比如進程數、打開的文件句柄）

  1、查看/etc/security/limits.conf文件，文件並無對test用戶做特殊限制

  2、ulimit -a，查看輸出結果與步驟1中的配置一致。

  3、pf -fu test | wc -l，查看test用戶打開的進程數，小於上述通用配置nproc參數值。OK

  4、lsof | awk '{print $3}' | sort | uniq -c,查看test用戶打開的文件句柄數。小於上述通用配置的參數值nofile。OK

  5、ps -eLF | grep 'test'|wc-l,查看test用戶打開的線程數（Java里面的一個線程在Linux下會最終映射成操作系統的一個進程），等於當前通用配置的參數值nproc。找到了原因。因此需要修改nproc參數。

問題解決

  1、調大/etc/security/limits.conf中nproc參數。不需要重啟。

  2、執行ulimit -a查看確認修改已生效。

  3、重新執行su - test，切換成功。問題解決

知識拓展

  1、/etc/security/limits.conf文件及內容介紹

# /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Also note that configuration files in /etc/security/limits.d directory,
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#That means for example that setting a limit for wildcard domain here
#can be overriden with a wildcard setting in a config file in the
#subdirectory, but a user specific setting here can be overriden only
#with a user specific setting in the subdirectory.
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - a user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open file descriptors
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4

# End of file
@users soft nofile 100001
@users hard nofile 100002
@root  soft nofile 100001
@root  hard nofile 100002

  2、ulimit命令，設置限制,可以把命令加到profile文件里，也可以在/etc/security/limits.conf文件中定義限制。

  常用參數如下

-a  顯示所有限制
-n  打開文件數的上限
-u  進程數的上限
-c  core文件大小的上限
-d  進程數據段大小的上限
-f  shell所能創建的文件大小的上限
-m  駐留內存大小的上限
-s  堆棧大小的上限
-t  每秒可占用的CPU時間上限
-p  管道大小
-v  虛擬內存的上限