sulogin(8)sulogin(8)NAMEsulogin - single-user login program (Enhanced Security)
SYNOPSIS
/sbin/sulogin
DESCRIPTION
The sulogin program is run by the init process on the console terminal
when entering single-user mode. The sulogin program checks the system
configuration to determine whether entering single-user mode requires
entering the root password. If it does not, then sulogin execs
/sbin/sh with its argv[0] set to "-". That same exec is also done if
the root password is correctly entered.
The decision to enter the single-user mode depends on the state of the
system configuration files. If the files cannot be read, then defaults
are assumed (as described below). Therefore, the loss of a configura‐
tion file does not prevent access to the system console for repairing
the problem.
The sulogin program first checks the /etc/rc.config file for a the
SECURE_CONSOLE variable. If such a variable is present, and it is set
to a true value (either "TRUE", "ON", "YES", or "1"), then the program
asks for the root password. The value of the SECURE_CONSOLE variable is
checked in a case-independent fashion, and only a minimal match is nec‐
essary. Thus, the value is really checked against the following regular
expression:
^([Tt]|1|[Yy]|[Oo][Nn]).*
If the SECURE_CONSOLE variable is present, but does not have one of the
true values, then sulogin does not ask for the root password, but sim‐
ply execs /sbin/sh as previously described.
If the SECURE_CONSOLE variable is not found in the /etc/rc.config file,
or if that file is missing or unreadable, then an attempt is made to
obtain the value of the console firmware setting of the SECURE vari‐
able, using the GSI_PROM_ENV function of the getsysinfo() system call.
If the check determines the console commands are password- protected,
the sulogin program requests the root password.
If sulogin has made the decision to request the root password, it also
determines whether BASE or ENHANCED security should be used to validate
that password. This is done using the value of the SECURITY variable
from the /etc/rc.config file, unless that file was not readable, in
which case the /etc/sia/matrix.conf file is read, looking for a line
beginning with the string "siad_ses_init=", and containing either
"(OSFC2," or "(BSD,". If the /etc/rc.config file was readable, but the
SECURITY variable was not set, then BASE security is assumed. (This is
how the /sbin/init.d/security script initializes the
/etc/sia/matrix.conf file, as well). If the /etc/rc.config file can not
be read and the /etc/sia/matrix.conf file either can not be read or
does not have an appropriate siad_ses_init line, then the sulogin pro‐
gram checks to see whether the /etc/passwd file contains a valid entry
for root and whether the getespwnam("root") function returns a valid
extended profile. If both profile entries exist, but only one has a
valid encrypted password field, that profile (and thus that security
policy) is used. If both passwords are valid, the BASE security policy
is used.
Once the sulogin program has determined which security policy to use,
it checks whether that policy has a valid account entry for user root
(if not already checked while determining which policy to use), and
whether that entry has a password that can be matched. If the password
is impossible to match, or if no valid root profile exists, then sulo‐
gin prints a warning and execs /sbin/sh as previously described. For
BASE security, a null encrypted password field for root causes the pro‐
gram to exec /sbin/sh without complaining.
If there is a matchable root password, sulogin prints out "Single-user
root login" and prompts for the password. If the entered password does
not match (after the appropriate encryption if non-null), the program
waits for 5 seconds (to deter break-in attempts, displays "Sorry", and
re-prompts. If the program is interrupted or receives and end-of-file
condition while attempting to read a password from the console termi‐
nal, it simply exits. This normally causes init to enter multi-user
mode (It depends on system configuration information in /etc/inittab,
specifically the entry marked with "initdefault", which ships at run-
level "3"). This may also cause init to prompt for a run level, or to
restart the sulogin program.
Finally, if a password was collected, and it did match, the exec of
/sbin/sh is done. If that exec fails, the reason for the failure is
displayed, and the program sleeps for 5 seconds before exiting. Upon
exiting control of the console is returned to the init process, as pre‐
viously described for interrupt or end-of-file.
FILES
/etc/rc.config
/etc/sia/matrix.conf
/etc/passwd
/tcb/files/auth.db (/tcb/files/auth/r/root)
SEE ALSOlogin(1), getpwnam(3), getespwnam(3), dispcrypt(3), matrix.conf(4),
init(8)
Security
sulogin(8)