“cannot set user id: Resource temporarily unavailable” [Resolved]

There are several servers that seemed to be set up identically, each with a local user account called user1, which may be found using getent passwd user1. However, for one reason or another, the account had become inaccessible on one of them and returned an error. Although a reboot of the CentOS 6 server resolved the issue, I wanted to know more. It is Linux after all, and I shouldn't have to reboot the server, except for kernel updates, for now...

The symptom was reproducible with this command.

[root@centos6 ~]# sudo su user1
su: cannot set user id: Resource temporarily unavailable

After the reboot.

[root@centos6~]# sudo su user1
[user1@centos6 root]$

The issue is that the affected user has reached the maximum number of processes specified in the file /etc/security/limits.conf.

Diagnostic Steps

The following commands can reveal the number of processes and open files for a given user.

ps -U username | wc -l
lsof | grep username | wc -l

Alternatively, check nproc and nofile in /etc/security/limits.conf for the user. Log in as this user and run:

ulimit -u

Look at /proc/sys/kernel/threads-max:

cat /proc/sys/kernel/threads-max

Look at the number of user processes (threads):

ps -u testuser -L | wc -l

Look at /var/log/secure:

      su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily 
      su: pam_keyinit(su-l:session): Unable to change UID to 24074 temporarily

To fix the issue, increase the nproc soft limit according to the needs of the user and the application.

It turns out that there were entries for user1 in /etc/security/limits.conf, a file in which every line is generally commented out by default. So the resolution would be to increase the numbers.

[root@centos6~]# grep -v "^#" /etc/security/limits.conf

Configuration File

Through the contents of the configuration file /etc/security/limits.conf resource limits are placed on users' sessions. The user root (and other users with uid=0) are not affected by this restriction.

Each line of the configuration file describes a limit for a user in the form:
<domain> <type> <item> <value>

The fields listed above should be filled as follows:

<domain> can be:

  • a username
  • a groupname, with @group syntax
  • the wild-card *, for default entry
  • the wild-card %, for maxlogins limit only, can also be used with %group syntax

<type> can have the three values:

  • hard for enforcing hard resource limits. These limits are set by the superuser and enforced by the Linux kernel. The user cannot raise his requirement of system resources above such values;
  • soft for enforcing soft resource limits. These limits are ones that the user can adjust within the range permitted by any pre-existing hard limits. The values specified with this token can be thought of as default values, for normal system usage;
  • - for enforcing both soft and hard limits together.

<item> can be one of the following:

  • core - limits the core file size (KB)
  • data - max data size (KB)
  • fsize - maximum filesize (KB)
  • memlock - max locked-in-memory address space (KB)
  • nofile - max number of open files
  • rss - max resident set size (KB)
  • stack - max stack size (KB)
  • cpu - max CPU time (MIN)
  • nproc - max number of processes
  • as - address space limit
  • maxlogins - max number of logins for this user
  • maxsyslogins - max number of logins on system
  • priority - the priority to run user process with (negative values boost process priority)
  • locks - max locked files

If a type of "-" is specified without supplying the item and value fields then no limits are enforced.
The first entry of the form which applies to the authenticating user will override all other entries in the limits configuration file.
In general, individual limits have priority over group limits, so if no limit is imposed for a given group, but one of the members of this group has a limits line, the user will have its limits set according to this line.
Please note that all limit settings are set per login. They are not global, nor are they permanent; existing only for the duration of the session.

The following is an example configuration file:

# EXAMPLE /etc/security/limits.conf file:
# =======================================
#     
*          soft   nproc       2047
*          hard   nproc       16384
*          soft   nofile      2048
*          hard   nofile      65536

Having this file means, for instance, that every user can start a maximum of 2047 processes and can raise this limit up to 16384.
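
The diagnostic steps above combined into one check, as an added example that is not part of the original post or its sources: it reads the soft nproc value for a user from limits.conf-style input and compares it with the thread count taken from `ps -u USER -L` output. The function names and the sample data are constructed for illustration, and @group and % domains are not evaluated.

```shell
# Added example: is a user close to (or at) the soft nproc limit?
# soft_nproc USER [FILE...]: print the soft nproc value that applies to USER.
# A line naming the user beats the "*" default. @group and % domains are not
# evaluated (assumption: at most one matching line per domain).
soft_nproc() {
    u=$1; shift
    awk -v u="$u" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        $3 == "nproc" && ($2 == "soft" || $2 == "-") {
            if ($1 == u)   byuser = $4
            if ($1 == "*") wild = $4
        }
        END { if (byuser != "") print byuser
              else if (wild != "") print wild
              else print "unset" }' "$@"
}

# thread_count: read `ps -u USER -L` output on stdin and count threads.
# The header line is skipped, which a plain `wc -l` would include.
thread_count() { awk 'NR > 1 { n++ } END { print n + 0 }'; }

# nproc_status LIMIT COUNT [PCT]: AT_LIMIT, WARN (>= PCT% used, default 90) or OK.
nproc_status() {
    l=$1; c=$2; p=${3:-90}
    case $l in unset|unlimited|-1) echo OK; return 0 ;; esac
    if [ "$c" -ge "$l" ]; then echo AT_LIMIT
    elif [ $((c * 100)) -ge $((l * p)) ]; then echo WARN
    else echo OK; fi
}

sample_limits() {   # constructed limits.conf content
    cat <<'EOF'
*      soft  nproc  2047
*      hard  nproc  16384
user1  soft  nproc  4
EOF
}
sample_ps() {       # constructed `ps -u user1 -L` output: four threads
    cat <<'EOF'
  PID   LWP TTY          TIME CMD
 2101  2101 ?        00:00:00 java
 2101  2102 ?        00:00:00 java
 2101  2103 ?        00:00:00 java
 2101  2104 ?        00:00:00 java
EOF
}
limit=$(sample_limits | soft_nproc user1)
count=$(sample_ps | thread_count)
echo "user1: $count threads, soft nproc $limit: $(nproc_status "$limit" "$count")"
```

On a live host, feed it `ps -u user1 -L | thread_count` and `soft_nproc user1 /etc/security/limits.conf`; the limit actually applied to a session is still what `ulimit -u` reports.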

Source(s)

https://www.novell.com/support/kb/doc.php?id=3007194
https://access.redhat.com/solutions/22158
https://crybit.com/su-cannot-set-user-id-resource/
https://access.redhat.com/solutions/30316