Overview

When you are setting up a new Linux computer (or an existing one that you have made changes on), you may run into the following error when attempting to elevate to “root” using “sudo”.

sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes

I encountered this after a new Linux VPS was set up and I was attempting to run the following command (or really any “sudo” command):

sudo su -

Note: The above command allows you to get a root shell, even if you have root SSH access denied.

Resolution

The fix to this was to disable WHM Shell Fork Bomb Protection via the interface. The reason that you may not always see this is if your SSH session doesn’t quite hit the limits of allowed processes and lets you spawn one more for the “sudo” session. In my case, it would not, I just had too many processes.

Reference: https://documentation.cpanel.net/display/ALD/Shell+Fork+Bomb+Protection

Additional Details

To look a little more in depth about how you can tell if this is happening is to look at the ulimits yourself.

Below is an Unprivileged User with Shell Fork Bomb Protection Enabled, notice the Max User Processes capped at 35.

[email protected] [~]# ulimit -a
core file size          (blocks, -c) 200000
data seg size           (kbytes, -d) 200000
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1031091
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) 200000
open files                      (-n) 100
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 35
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Below is the same user with Shell Fork Bomb Protection Disabled

[email protected] [~]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 1031091
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1031091
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited