SOLVED Error running command as another user

[oscarenzo]

Hello

I've a cpanel WHM 60.0 (build 34) with centos 6 and have a problem, I use xymon for monitoring some process, the script basically run as xymon using sudo for do queries to exim, like:

exim -bpr, exim -bpc, etc

I configured sudoers and if I run manually the command su xymon -c "command" run as well, but when the script run in background now work and in my log show this error message:

sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes

I come from centos 5 and not have a problems, in some forums and blogs see that disabling the cpanel shell fork bomb protection is solved but I prefer not, are there some way to increment the limit or apply some exception to this user?

Thank you.

 

[cPanelMichael]

Hello,

Discussion on the manual modification of the settings that Shell Fork Bomb Protection enables is found at:

The purpose of /etc/profile.d/limit.sh

Otherwise, you'd need to disable Shell Fork Bomb Protection to prevent this from happening.

Thank you.

 

[oscarenzo]

Thank you MIchael, I've edited the file of this way:

#cPanel Added Limit Protections -- BEGIN

#unlimit so we can run the whoami
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

LIMITUSER=$USER
if [ -e "/usr/bin/whoami" ]; then
        LIMITUSER=`/usr/bin/whoami`
fi
#Custom   Part for xymon exim queue check
if [ "$LIMITUSER" == "xymon" ]; then
       ulimit -n 100 -u 70 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
elif [ "$LIMITUSER" != "root" ]; then
        ulimit -n 100 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
else
       ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
fi
#cPanel Added Limit Protections -- END

But still showing the problem, need to edit the file limits.csh also?, then when run ulimit with this user have unlimited yet without do some modification:

[[email protected] profile.d]# su xymon -c "ulimit -a"
core file size          (blocks, -c) 1000000
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 63398
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 4096
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

thank you.

 

[cPanelMichael]

But still showing the problem, need to edit the file limits.csh also?, then when run ulimit with this user have unlimited yet without do some modification:

I have seen previous threads where users also needed to adjust the limits.csh file. Let us know if that helps.

Thank you.

 

[GilbertoArias]

Hello,

Discussion on the manual modification of the settings that Shell Fork Bomb Protection enables is found at:

The purpose of /etc/profile.d/limit.sh

Otherwise, you'd need to disable Shell Fork Bomb Protection to prevent this from happening.

Thank you.

EXCELLENT RECOMMENDATION, WORKS FOR ME ;-) I "disable Shell Fork Bomb Protection " just for a time in order to use Transfer tool.