Cannot log in as root directly, but su works

Denis Vlasenko vda.linux at googlemail.com
Mon Mar 12 08:57:00 PDT 2007 

Hi,

On Monday 12 March 2007 12:19, Martetschlaeger Stefan wrote:
> I'm currently working on an embedded arm system. I try to get it working with a read-only rootfs. I use an initrd to set things up, and do then switch_root into the read-only mounted rootfs which works quit fine but I cannot login as root directly on the login prompt. It says "Login incorrect" right after I enter "root".  I can, however, log in as any other user and then use su to gain root access. 
> The weird thing is that it worked fine until 2 days ago as I replaced the /dev directory by a symlink to the mounted ramdisk I use for volatile data (/dev, /home, /tmp are also symlinks to the appropriate directories on this disk). I double checked that all device files are correctly set up on the ramdisk to rule out every obvious reason for any problem here. I can't see why that change should have broken something here. 
> passwd, group and shadow are in place and contain entries for root. I get no messages in /var/log/messages after a login attempt as root. Also, the console I try to log in as root is listed in /etc/securetty .
> 
> I'm running linux-2.6.19.2, busybox-1.4.1 and Bash 3.2.0 as my default shell

If you have strace on the system, try strace -o str.log -f -p <getty's pid>,
do (uncussessful login on that tty and show the log.
If that is not possible or doesn't give hints,
go to login.c, find "Login incorrect", add debug prints,
recompile/rerun.

        while (1) {
                if (!username[0])
                        get_username_or_die(username, sizeof(username));

                pw = getpwnam(username);
                if (!pw) {
                        safe_strncpy(username, "UNKNOWN", sizeof(username));
puts("!pw");
                        goto auth_failed;
                }

                if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
{puts("passwd ! or *");
                        goto auth_failed;
}

                if (opt & LOGIN_OPT_f)
                        break; /* -f USER: success without asking passwd */

                if (pw->pw_uid == 0 && !check_securetty())
{puts("!securetty");
                        goto auth_failed;
}

                /* Don't check the password if password entry is empty (!) */
                if (!pw->pw_passwd[0])
                        break;

                /* authorization takes place here */
                if (correct_password(pw))
                        break;

auth_failed:
                opt &= ~LOGIN_OPT_f;
                bb_do_delay(FAIL_DELAY);
                puts("Login incorrect");

Question: where is it different from the case when /dev is writable?
--
vda

More information about the busybox mailing list