Can not SSH connect the machine through one user, but it is OK for root or other user
# ssh xxx@10.10.10.1
shell request failed on channel 0
# tail -f 10 /var/log/secure
......
Feb 4 09:55:06 10.10.10.1 sshd[6137]: Accepted password for apps from 10.10.10.2 port 33216 ssh2
Feb 4 09:55:06 10.10.10.1 sshd[6137]: pam_unix(sshd:session): session opened for user apps by (uid=0)
Feb 4 09:55:06 10.10.10.1 sshd[6627]: error: do_exec_pty: fork: Resource temporarily unavailable
Feb 4 09:55:06 10.10.10.1 sshd[6137]: pam_unix(sshd:session): session closed for user apps
Can not switch to one user from root by su - xxx, but it is OK for other user
# su - xxx
Last login: Tue Apr 26 09:48:44 CST 2016 from application03 on pts/0
su: failed to execute /bin/bash: Resource temporarily unavailable
Analyses
The root cause is that the resource for the user is insufficient as there are too many processes created by this user. When the the user login through su - xxx or SSH, a new process will be created by the user. If the new process can not be created as the user's resource is insufficient, the login will be failed.
Check the process of the user xxx:
$ ps -ef | grep ^xxx|wc -l
1246
Solution
[root@10.10.10.1 ~]# vi /etc/security/limits.d/20-nproc.conf
[root@10.10.10.1 ~]# cat /etc/security/limits.d/20-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 65535 (#Increase the limit from 1024 to 65535)
root soft nproc unlimited
Phenomenons
Can not SSH connect the machine through one user, but it is OK for root or other user
Can not switch to one user from root by
su - xxx
, but it is OK for other userAnalyses
The root cause is that the resource for the user is insufficient as there are too many processes created by this user. When the the user login through
su - xxx
or SSH, a new process will be created by the user. If the new process can not be created as the user's resource is insufficient, the login will be failed.Check the process of the user
xxx
:Solution