Showing posts from January, 2015

Low nproc limit prevents sudo'ing to another user

A while ago I posted a solution to OutOfMemoryError: unable to create new native thread, however I encountered a problem caused by the nproc setting but wasn't fixable by a simple ulimit command. The problem we were encountering was that we couldn't sudo into service account when we had all our application servers running.

Our sysadmins have setup a user escalation script, which there's nothing wrong with. It does some prechecks, sudos a script under the requested user, does some logging, then does an exec <configured shell> . When there are too many processes, it manages to run the 2nd script as the user, however the exec command blocks, it never gets to the profile script to execute the ulimit command.
I traced it down to the default soft limit for the number of process for all users to 1024.
Our process count is way above that, which means when it tries to create a new process for bash when we run the sudo script, it can’t. So we are unable to sign into the accou…