sulogin doesn't succeed if password once existed but later is locked

Bug #268271 reported by Jamie Strandboge on 2008-09-09
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sysvinit (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: sysvinit

If a user creates a root password, then later locks the root account, sulogin will not allow logins. This affects single user mode and friendly-recovery.

Steps to reproduce:
# head -1 /etc/shadow
root:!:14131:0:99999:7::1:

# sulogin

# exit
exit

# passwd
Enter new UNIX password: foo
Retype new UNIX password: foo
passwd: password updated successfully

# head -1 /etc/shadow
root:$6$O5wNvGlJ$PDXBIwdpTGkuFUJPGp9IbOFmftsPIhpgRQQmM6h7G1btz09fJlX4iC/ohGnkFVg8jNirr6pvknBSSBz/r09.X/:14131:0:99999:7::1:

# passwd -l root
Password changed.

# head -1 /etc/shadow
root:!$6$O5wNvGlJ$PDXBIwdpTGkuFUJPGp9IbOFmftsPIhpgRQQmM6h7G1btz09fJlX4iC/ohGnkFVg8jNirr6pvknBSSBz/r09.X/:14131:0:99999:7::1:

# sulogin
Give root password for maintenance
(or type Control-D to continue):
Login incorrect.

# vipw -s
You have modified /etc/shadow.
You may need to modify /etc/passwd for consistency.
Please use the command `vipw' to do so.

# head -1 /etc/shadow
root:!:14131:0:99999:7::1:

# sulogin
# exit
exit

sulogin seems to only be checking for '!' as the password rather than '^!'. Using 'passwd -l root' is documented as the proper way to re-disable the root password according to https://help.ubuntu.com/community/RootSudo. Additionally, then man page for suloging simply says:

       If the root account is locked, as is the default on Ubuntu, no password
       prompt is displayed and sulogin behaves as if the correct password were
       entered.

This is inconsistent with observed behavior.

Changed in sysvinit:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers