supereagle / experiences

Summary of practical experience in work.
2 stars 0 forks source link

Common user can not login CentOS 7.2 #7

Closed supereagle closed 7 years ago

supereagle commented 7 years ago

Phenomenons

Can not SSH connect the machine through one user, but it is OK for root or other user

# ssh xxx@10.10.10.1
shell request failed on channel 0

# tail -f 10 /var/log/secure
......
Feb  4 09:55:06 10.10.10.1 sshd[6137]: Accepted password for apps from 10.10.10.2 port 33216 ssh2
Feb  4 09:55:06 10.10.10.1 sshd[6137]: pam_unix(sshd:session): session opened for user apps by (uid=0)
Feb  4 09:55:06 10.10.10.1 sshd[6627]: error: do_exec_pty: fork: Resource temporarily unavailable
Feb  4 09:55:06 10.10.10.1 sshd[6137]: pam_unix(sshd:session): session closed for user apps

Can not switch to one user from root by su - xxx, but it is OK for other user

# su - xxx
Last login: Tue Apr 26 09:48:44 CST 2016 from application03 on pts/0
su: failed to execute /bin/bash: Resource temporarily unavailable

Analyses

The root cause is that the resource for the user is insufficient as there are too many processes created by this user. When the the user login through su - xxx or SSH, a new process will be created by the user. If the new process can not be created as the user's resource is insufficient, the login will be failed.

Check the process of the user xxx:

$ ps -ef | grep ^xxx|wc -l
1246

Solution

[root@10.10.10.1 ~]# vi /etc/security/limits.d/20-nproc.conf
[root@10.10.10.1 ~]# cat /etc/security/limits.d/20-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     65535 (#Increase the limit from 1024 to 65535)
root       soft    nproc     unlimited