su: user root does not exist

su: user root does not exist

Post by Pavel Tkatchou » Thu, 17 Jun 1999 04:00:00



I'm trying to package minimal file system to be used for diskless
terminal. It's RedHat5.2 based. Using Etherboot-4.0 this fs is combined
with 2.0.36 kernel into bootable tagged image. I package 5.2 the same way
like 4.2 based I'm using for 2+ yrs, but with 5.2 I have login problem:
nor matter which username/password it says "password incorrect"
(/etc/passwd,group are copied from disk based setup, which logs you fine).
If I run "su -c some_command root" from rc.local for login-less boot it
says "user root does not exist" (again, passwd do has root entry).

Any suggestions?

Thanks.


P.S. Terminal is headless so I believe by-passing login altogether won't
compromise security too much. Can I boot straight to the prompt? (I disable
password checking, but login still keeps saying "incorrect login").

 
 
 

su: user root does not exist

Post by Ben Armstron » Thu, 17 Jun 1999 04:00:00



> I'm trying to package minimal file system to be used for diskless
> terminal. It's RedHat5.2 based. Using Etherboot-4.0 this fs is combined
> with 2.0.36 kernel into bootable tagged image. I package 5.2 the same way
> like 4.2 based I'm using for 2+ yrs, but with 5.2 I have login problem:
> nor matter which username/password it says "password incorrect"
> (/etc/passwd,group are copied from disk based setup, which logs you fine).
> If I run "su -c some_command root" from rc.local for login-less boot it
> says "user root does not exist" (again, passwd do has root entry).

Perhaps you have shadow passwords enabled on 5.2 but don't have a
/etc/shadow, or /etc/shadow is not owned by group 'shadow', and set with
the proper perms, e.g.


-rw-r--r--   1 root     root         1390 Apr 11 21:55 /etc/passwd
-rw-r-----   1 root     shadow        875 Apr 11 20:43 /etc/shadow

shadow is accessed by:

-rwxr-sr-x   1 root     shadow      10512 May 31 16:11 pwdb_chkpwd

At least, this is the way things are setup on Debian 2.1 and later.  YMMV.

I had problems logging in at one point because a devel version of the
shadow support had made /etc/shadow owned by root and chmod'd to 600,
which made it impossible for pwdb_chkpwd to access it.  You might be
looking at a similar problem here.

Ben
--


[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]

 
 
 

su: user root does not exist

Post by Pavel Tkatchou » Thu, 17 Jun 1999 04:00:00



>Perhaps you have shadow passwords enabled on 5.2 but don't have a
>/etc/shadow, or /etc/shadow is not owned by group 'shadow', and set with
>the proper perms, e.g.

No, I don't have shadow enabled.  Thanks, anyway.

Just wanted to emphasize - "diskless" file system is trimmed down copy of
working setup. That is I take standard RH5.2 CD, install it, make sure
everything
is working (including passwords).  Than determine what files subset would be
needed for diskless setup. Copy them. Do necessary changes in /etc tree and
some others.

It is transition from "local" boot to  "remote" that breaks something. For
example
if you put minimal file system on floppy and boot from there - everything's
fine.

But the same file system won't let you to boot remotely until you change
permissions
and owneships (to nobody:nobody) for some files. That's how I got 4.2
working.

I guess something has been changed in authentication mechanism from 4.2 to
5.2.

I wonder if I can boot straight to the prompt by-passing login (perhaps
editing pam.conf?)

Thanks.