操作环境
SuSE11sp1
问题现象
执行su - test命令切换失败,提示"su: cannot set user id: Resource temporarily unavailable"
问题分析
猜测是test使用资源超过系统的限制(比如进程数、打开的文件句柄)
1、查看/etc/security/limits.conf文件,文件并无对test用户做特殊限制
2、ulimit -a,查看输出结果与步骤1中的配置一致。
3、pf -fu test | wc -l,查看test用户打开的进程数,小于上述通用配置nproc参数值。OK
4、lsof | awk '{print $3}' | sort | uniq -c,查看test用户打开的文件句柄数。小于上述通用配置的参数值nofile。OK
5、ps -eLF | grep 'test'|wc-l,查看test用户打开的线程数(Java里面的一个线程在Linux下会最终映射成操作系统的一个进程),等于当前通用配置的参数值nproc。找到了原因。因此需要修改nproc参数。
问题解决
1、调大/etc/security/limits.conf中nproc参数。不需要重启。
2、执行ulimit -a查看确认修改已生效。
3、重新执行su - test,切换成功。问题解决
知识拓展
1、/etc/security/limits.conf文件及内容介绍
# /etc/security/limits.conf # #This file sets the resource limits for the users logged in via PAM. #It does not affect resource limits of the system services. # #Also note that configuration files in /etc/security/limits.d directory, #which are read in alphabetical order, override the settings in this #file in case the domain is the same or more specific. #That means for example that setting a limit for wildcard domain here #can be overriden with a wildcard setting in a config file in the #subdirectory, but a user specific setting here can be overriden only #with a user specific setting in the subdirectory. # #Each line describes a limit for a user in the form: # #<domain> <type> <item> <value> # #Where: #<domain> can be: # - a user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit # #<type> can have the two values: # - "soft" for enforcing the soft limits # - "hard" for enforcing hard limits # #<item> can be one of the following: # - core - limits the core file size (KB) # - data - max data size (KB) # - fsize - maximum filesize (KB) # - memlock - max locked-in-memory address space (KB) # - nofile - max number of open file descriptors # - rss - max resident set size (KB) # - stack - max stack size (KB) # - cpu - max CPU time (MIN) # - nproc - max number of processes # - as - address space limit (KB) # - maxlogins - max number of logins for this user # - maxsyslogins - max number of logins on the system # - priority - the priority to run user process with # - locks - max number of file locks the user can hold # - sigpending - max number of pending signals # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority # #<domain> <type> <item> <value> # #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 # End of file @users soft nofile 100001 @users hard nofile 100002 @root soft nofile 100001 @root hard nofile 100002
2、ulimit命令,设置限制,可以把命令加到profile文件里,也可以在/etc/security/limits.conf文件中定义限制。
常用参数如下
-a 显示所有限制 -n 打开文件数的上限 -u 进程数的上限 -c core文件大小的上限 -d 进程数据段大小的上限 -f shell所能创建的文件大小的上限 -m 驻留内存大小的上限 -s 堆栈大小的上限 -t 每秒可占用的CPU时间上限 -p 管道大小 -v 虚拟内存的上限