When you are setting up a new Linux computer (or an existing one that you have made changes on), you may run into the following error when attempting to elevate to “root” using “sudo”.
1 |
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes |
I encountered this after a new Linux VPS was set up and I was attempting to run the following command (or really any “sudo” command):
1 |
sudo su - |
Note: The above command allows you to get a root shell, even if you have root SSH access denied.
The fix to this was to disable WHM Shell Fork Bomb Protection via the interface. The reason that you may not always see this is if your SSH session doesn’t quite hit the limits of allowed processes and lets you spawn one more for the “sudo” session. In my case, it would not, I just had too many processes.
Reference: https://documentation.cpanel.net/display/ALD/Shell+Fork+Bomb+Protection
To look a little more in depth about how you can tell if this is happening is to look at the ulimits yourself.
Below is an Unprivileged User with Shell Fork Bomb Protection Enabled, notice the Max User Processes capped at 35.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
unprivilegeduser@myserver [~]# ulimit -a core file size (blocks, -c) 200000 data seg size (kbytes, -d) 200000 scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 1031091 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) 200000 open files (-n) 100 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 35 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited |
Below is the same user with Shell Fork Bomb Protection Disabled
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
unprivilegeduser@myserver [~]# ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 1031091 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 1031091 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited |