SOLVED Error running command as another user

oscarenzo

Active Member
Nov 16, 2011
28
2
53
cPanel Access Level
Root Administrator
Hello

I've a cpanel WHM 60.0 (build 34) with centos 6 and have a problem, I use xymon for monitoring some process, the script basically run as xymon using sudo for do queries to exim, like:

exim -bpr, exim -bpc, etc

I configured sudoers and if I run manually the command su xymon -c "command" run as well, but when the script run in background now work and in my log show this error message:

sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes

I come from centos 5 and not have a problems, in some forums and blogs see that disabling the cpanel shell fork bomb protection is solved but I prefer not, are there some way to increment the limit or apply some exception to this user?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,229
463
Hello,

Discussion on the manual modification of the settings that Shell Fork Bomb Protection enables is found at:

The purpose of /etc/profile.d/limit.sh

Otherwise, you'd need to disable Shell Fork Bomb Protection to prevent this from happening.

Thank you.
 
  • Like
Reactions: GilbertoArias

oscarenzo

Active Member
Nov 16, 2011
28
2
53
cPanel Access Level
Root Administrator
Thank you MIchael, I've edited the file of this way:

Code:
#cPanel Added Limit Protections -- BEGIN

#unlimit so we can run the whoami
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

LIMITUSER=$USER
if [ -e "/usr/bin/whoami" ]; then
        LIMITUSER=`/usr/bin/whoami`
fi
#Custom   Part for xymon exim queue check
if [ "$LIMITUSER" == "xymon" ]; then
       ulimit -n 100 -u 70 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
elif [ "$LIMITUSER" != "root" ]; then
        ulimit -n 100 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
else
       ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
fi
#cPanel Added Limit Protections -- END
But still showing the problem, need to edit the file limits.csh also?, then when run ulimit with this user have unlimited yet without do some modification:
Code:
[[email protected] profile.d]# su xymon -c "ulimit -a"
core file size          (blocks, -c) 1000000
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 63398
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 4096
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,229
463
But still showing the problem, need to edit the file limits.csh also?, then when run ulimit with this user have unlimited yet without do some modification:
I have seen previous threads where users also needed to adjust the limits.csh file. Let us know if that helps.

Thank you.
 

GilbertoArias

Registered
Sep 3, 2017
3
0
1
mex
cPanel Access Level
Reseller Owner
Hello,

Discussion on the manual modification of the settings that Shell Fork Bomb Protection enables is found at:

The purpose of /etc/profile.d/limit.sh

Otherwise, you'd need to disable Shell Fork Bomb Protection to prevent this from happening.

Thank you.
EXCELLENT RECOMMENDATION, WORKS FOR ME ;-) I "disable Shell Fork Bomb Protection " just for a time in order to use Transfer tool.