sulogin doesn't succeed if password once existed but later is locked
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sysvinit (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sysvinit
If a user creates a root password, then later locks the root account, sulogin will not allow logins. This affects single user mode and friendly-recovery.
Steps to reproduce:
# head -1 /etc/shadow
root:!:
# sulogin
# exit
exit
# passwd
Enter new UNIX password: foo
Retype new UNIX password: foo
passwd: password updated successfully
# head -1 /etc/shadow
root:$6$
# passwd -l root
Password changed.
# head -1 /etc/shadow
root:!$
# sulogin
Give root password for maintenance
(or type Control-D to continue):
Login incorrect.
# vipw -s
You have modified /etc/shadow.
You may need to modify /etc/passwd for consistency.
Please use the command `vipw' to do so.
# head -1 /etc/shadow
root:!:
# sulogin
# exit
exit
sulogin seems to only be checking for '!' as the password rather than '^!'. Using 'passwd -l root' is documented as the proper way to re-disable the root password according to https:/
If the root account is locked, as is the default on Ubuntu, no password
prompt is displayed and sulogin behaves as if the correct password were
entered.
This is inconsistent with observed behavior.
Changed in sysvinit: | |
status: | New → Confirmed |