sulogin(8) System Manager's Manual sulogin(8)
NAME
sulogin - single-user login program (Enhanced Security)
SYNOPSIS
/sbin/sulogin
DESCRIPTION
The sulogin program is run by the init process on the console terminal when entering single-user mode. The sulogin program checks the sys-
tem configuration to determine whether entering single-user mode requires entering the root password. If it does not, then sulogin execs
/sbin/sh with its argv[0] set to "-". That same exec is also done if the root password is correctly entered.
The decision to enter the single-user mode depends on the state of the system configuration files. If the files cannot be read, then
defaults are assumed (as described below). Therefore, the loss of a configuration file does not prevent access to the system console for
repairing the problem.
The sulogin program first checks the /etc/rc.config file for a the SECURE_CONSOLE variable. If such a variable is present, and it is set
to a true value (either "TRUE", "ON", "YES", or "1"), then the program asks for the root password. The value of the SECURE_CONSOLE vari-
able is checked in a case-independent fashion, and only a minimal match is necessary. Thus, the value is really checked against the fol-
lowing regular expression:
^([Tt]|1|[Yy]|[Oo][Nn]).*
If the SECURE_CONSOLE variable is present, but does not have one of the true values, then sulogin does not ask for the root password, but
simply execs /sbin/sh as previously described.
If the SECURE_CONSOLE variable is not found in the /etc/rc.config file, or if that file is missing or unreadable, then an attempt is made
to obtain the value of the console firmware setting of the SECURE variable, using the GSI_PROM_ENV function of the getsysinfo() system
call. If the check determines the console commands are password- protected, the sulogin program requests the root password.
If sulogin has made the decision to request the root password, it also determines whether BASE or ENHANCED security should be used to vali-
date that password. This is done using the value of the SECURITY variable from the /etc/rc.config file, unless that file was not readable,
in which case the /etc/sia/matrix.conf file is read, looking for a line beginning with the string "siad_ses_init=", and containing either
"(OSFC2," or "(BSD,". If the /etc/rc.config file was readable, but the SECURITY variable was not set, then BASE security is assumed.
(This is how the /sbin/init.d/security script initializes the /etc/sia/matrix.conf file, as well). If the /etc/rc.config file can not be
read and the /etc/sia/matrix.conf file either can not be read or does not have an appropriate siad_ses_init line, then the sulogin program
checks to see whether the /etc/passwd file contains a valid entry for root and whether the getespwnam("root") function returns a valid
extended profile. If both profile entries exist, but only one has a valid encrypted password field, that profile (and thus that security
policy) is used. If both passwords are valid, the BASE security policy is used.
Once the sulogin program has determined which security policy to use, it checks whether that policy has a valid account entry for user root
(if not already checked while determining which policy to use), and whether that entry has a password that can be matched. If the password
is impossible to match, or if no valid root profile exists, then sulogin prints a warning and execs /sbin/sh as previously described. For
BASE security, a null encrypted password field for root causes the program to exec /sbin/sh without complaining.
If there is a matchable root password, sulogin prints out "Single-user root login" and prompts for the password. If the entered password
does not match (after the appropriate encryption if non-null), the program waits for 5 seconds (to deter break-in attempts, displays
"Sorry", and re-prompts. If the program is interrupted or receives and end-of-file condition while attempting to read a password from the
console terminal, it simply exits. This normally causes init to enter multi-user mode (It depends on system configuration information in
/etc/inittab, specifically the entry marked with "initdefault", which ships at run-level "3"). This may also cause init to prompt for a
run level, or to restart the sulogin program.
Finally, if a password was collected, and it did match, the exec of /sbin/sh is done. If that exec fails, the reason for the failure is
displayed, and the program sleeps for 5 seconds before exiting. Upon exiting control of the console is returned to the init process, as
previously described for interrupt or end-of-file.
FILES
/etc/rc.config
/etc/sia/matrix.conf
/etc/passwd
/tcb/files/auth.db (/tcb/files/auth/r/root)
RELATED INFORMATION
login(1), getpwnam(3), getespwnam(3), dispcrypt(3), matrix.conf(4), init(8)
Security delim off
sulogin(8)