Bug 1651332 - Single user mode exits root password screen unexpectedly
Summary: Single user mode exits root password screen unexpectedly
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd
Version: 7.5
Hardware: Unspecified
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: systemd-maint
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-19 17:37 UTC by Alfred Sin
Modified: 2019-11-04 17:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Alfred Sin 2018-11-19 17:37:10 UTC
Description of problem:
Non-deterministic behavior entering single user mode - a user hitting keyboard keys when entering single user mode without a root password will eventually be rebooted.

Version-Release number of selected component (if applicable):


How reproducible:
100%


Steps to Reproduce:
1. Create RHEL 7.5 VM from Azure marketplace
2. Ensure there is no root password set on the VM
3. Enter root - `sudo su`
4. Run `init 1`
5. You will be taken to a screen that says "Press Ctrl-D to continue"
6. Begin hitting Ctrl-D and Esc on the keyboard

Actual results:
VM Exits the Ctrl-D screen and reboots


Expected results:
Press Ctrl-D to continue error remains on screen


Additional info:

Comment 2 Karel Zak 2018-11-23 10:28:36 UTC
"continue" (after Ctrl-D) means continue in boot, so usually reboot. So, it's expected behaviour.

The util responsible for log-in is sulogin from util-linux package -- we did some changes in the util in 7.6 update (see below), you need util-linux version >= 2.23.2-59.

If you want to enter shell you need to specify password, or press Enter if there is no password at all. The prompt is

                Press Enter for maintenance
                (or press Control-D to continue):

for locked accounts or accounts without password, and

                Give root password for maintenance
                (or press Control-D to continue):

for regular accounts.

Note, for locked accounts see bug #1561200, you need --force on sulogin command line, otherwise you will see 

                Cannot open access to console, the root account is locked.
                See sulogin(8) man page for more details.

                Press Enter to continue.

And note that system without root password sounds like crazy setting :)

Comment 3 Alfred Sin 2018-11-27 17:38:39 UTC
Interesting - here's what I'm seeing across RHEL 7.5 and RHEL 7.6 Azure images:

RHEL 7.5:
- No root password set
- I added an invalid entry to /etc/fstab and rebooted. This is what I saw:

> Give root password for maintenance
> (or type Control-D to continue):
> sulogin: crypt failed: Invalid argument
> Login incorrect

- Can you confirm that this is expected behavior? I thought that bug #1561200 was an ask to add a --force to sulogin so that users don't run into this situation.

RHEL 7.6:
- No root password set
- I added an invalid entry to /etc/fstab and rebooted. This is what I saw:


> Authorization not available. Check if polkit service is running or see debug message for more information.
> Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.

> Cannot open access to console, the root account is locked.
> See sulogin(8) man page for more details.

> Press Enter to continue.

- Is this also expected behavior?

It is surprising how many users forget to set a root password (as crazy as that may sound!). In these situations they don't have much they can do if they're running RHEL since the root account always seems to be locked. 

I think the ask here would be to add a --force to sulogin, but I'm not sure why it didn't already happen with bug 1561200. I might have missed a memo, was there a miscommunication?

Comment 4 Karel Zak 2018-11-29 11:33:55 UTC
(In reply to Alfred Sin from comment #3)
> RHEL 7.5:
> - No root password set
> - I added an invalid entry to /etc/fstab and rebooted. This is what I saw:
> 
> > Give root password for maintenance
> > (or type Control-D to continue):
> > sulogin: crypt failed: Invalid argument
> > Login incorrect
> 
> - Can you confirm that this is expected behavior?

No, this does not seem like correct behaviour. If you really do not have password than "Press Enter for maintenance" prompt is expected and crypt() should not be used at all. I guess this should be fixed in version 7.6.

> I thought that bug
> #1561200 was an ask to add a --force to sulogin so that users don't run into
> this situation.

The option --force is necessary for locked accounts ("!" or "*" before password) or when /etc/passwd and /etc/shadow are not available. The option has been introduced to bypass the default safe behaviour for malformed or locked systems in single user mode.

7.6 update cleans up more things in sulogin, not only --force.

> RHEL 7.6:
> - No root password set
> - I added an invalid entry to /etc/fstab and rebooted. This is what I saw:
> 
> > Cannot open access to console, the root account is locked.
> > See sulogin(8) man page for more details.
> > Press Enter to continue.

This seems like locked account rather than no password, it seems like password starts with '*' or '!'. In this case you need --force.

> - Is this also expected behavior?

Yes, if the account is locked. You can confirm it by:
# grep root /etc/shadow, for example:

# passwd -l root
Locking password for user root.
passwd: Success

# grep root /etc/shadow
root:!!$6$4dyniMBX$UIYJKM/9k9Of1oKFJbT.5SUrGxjfBrNVBUkJKHJKuJxCxIl11Wg0s7KpGWIsk3yjiGYa44or.SYaCM.CFWR1:16832:0:99999:7:::

If you delete the password:

# passwd -d root
Removing password for user root.
passwd: Success

# grep root /etc/shadow
root::17864:0:99999:7:::


> I think the ask here would be to add a --force to sulogin, but I'm not sure

My suggestion is to use --force very carefully if you're not able to protect access to the system console. IMHO it's bad idea for public kiosks or as a distro default.

> why it didn't already happen with bug 1561200. I might have missed a memo,
> was there a miscommunication?

Please, verify your password in /etc/shadows. Thanks for your patience ;-) 

I'll also try to reproduce the problem again. It seems like some issue with system configuration or any bug in sulogin.

Comment 5 Alfred Sin 2018-12-05 21:23:03 UTC
So I verified my password in etc/shadow:

[root@rhel76 azlinux]# grep root /etc/shadow
root:*LOCK*:14600::::::
[root@rhel76 azlinux]# passwd -d root
Removing password for user root.
passwd: Success
[root@rhel76 azlinux]# grep root /etc/shadow
root::17870::::::

After deleting the root password I was able to actually press Enter to enter a shell. Does this mean that if we want customers to be able to use the "Press Enter for maintenance" functionality, they need to delete the root password?

Comment 6 Karel Zak 2018-12-10 12:28:52 UTC
Here is complete list of all possibilities:

"Press Enter for maintenance":

  * you need to delete the password ("passwd -d root")

  * or you need locked account and --force on sulogin command line

  * password is defined, but malformed (wrong length, no $<n>$ prefix, etc.)


"Cannot open access to console, the root account is locked" case:

  * root account is locked, but --force is NOT specified on sulogin command line


"Give root password for maintenance" case:

  * root account with standard password


The very last possibility is Control-D, in this case sulogin(1) exits (=no shell) and system reboots/continues. This case is independent on all configuration.

Comment 7 Jeremy Linton 2019-03-12 16:44:33 UTC
I keep getting a google hit for this defect when I search for "sulogin: crypt failed: Invalid argument".

I'm using F29 out of the box armhfp image, and no combination of --force, locked root, unset root, or set root password gives me anything but the above message for any systemd targets that utilizes sulogin.

Comment 8 Jeremy Linton 2019-03-12 17:00:01 UTC
Uh fun, selinux=0 solves the problem. Maybe sulogin should trap the invalid argument return and just drop to a shell at that point, since something is very wrong when it happens.


Note You need to log in before you can comment on or make changes to this bug.