Impersonation Failure, user running agent service unable to impersonate

Document ID : KB000100277
Last Modified Date : 06/06/2018
Show Technical Document Details
Issue:

While executing action  "Find Files or Folders" using specific credentials ('XYZ' user) we meet the below error

Error on UI:

"Error occurred during action execution under sag credentials(Unable to run action for user XYZ. Verify the user running Nolio agent has privileges to impersonate other users, and that user sag has permissions on Nolio installation folder.)

Error in logs: In logs/XYZ_output.log we find:

./ActionsRunner.sh: fork: retry: Ressource temporairement non disponible
./ActionsRunner.sh: fork: retry: Ressource temporairement non disponible
./ActionsRunner.sh: fork: retry: Ressource temporairement non disponible
./ActionsRunner.sh: fork: retry: Ressource temporairement non disponible
./ActionsRunner.sh: fork: Ressource temporairement non disponible

We use SudoActionsRunner.sh as is:
#if a password is NOT required
sudo -u $3 -S ./ActionsRunner.sh $1 $2 $3
#if password IS required
#"$nolio_password" | sudo -u $3 -S ./ActionsRunner.sh $1 $2 $3}
Environment:
  • CARA 6.5.0.10035 or greater
  • Agent version is 6.5.0.10007 or greater
  • RHEL 6.2 or greater
Cause:

After verifying all the requirement as mentioned in document (Impersonation Document, in additional reference), with some search we narrow the issue to nproc limit.

  • The system was not able to create new process(es), because of the limits set for nproc in /etc/security/limits.conf file.

  • The process(es) initiated by user "test" having uid (702638) are reached to it's soft limit.

  • The soft limit for number of process(es) (nproc) is set to 1024 in /etc/security/limits.conf file.

  • The total number of process(es) running on this system with uid (702638) are 1023 process(es)


 
Resolution:

Based on above analysis [details of same on Red Hat document (solution: 543503)] we make the changes to increase the value of "nproc" parameter for user or all user's in /etc/security/limits.d/90-nproc.conf

Additional Information: