pam_limits.so making problems for sudo

This is a bug in the pam_limits module, causing authentication to fail. I think it only affects RHEL/Centos 7. It affects sudo users who have an unlimited or very high nofiles setting (bigger than fs.nr_open=1024x1024=1024576).

Your options are:

  • Remove pam_limits from your sudo PAM rules
  • Set the nofiles for the destination user (tomcat) to be something lower than fs.nr_open
  • Raise the kernel setting fs.nr_open (in /etc/sysctl.conf) to be higher than your ulimit
  • Wait for a fix?

Tags:

Sudo

Centos

Pam

Recent Posts