Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Invalid root entry in /etc/passwd

Qing Zhu
Advisor

Invalid root entry in /etc/passwd

Hi,
I used commands "rcmgr set SECURE_CONSOLE YES"
"rcmgr -n 0 set SECURITY ENHANCED" to force a passwd to be required in single-user mode. It worked fine. Then I 'dd' the whole disk to another one. When booting the cloned disk into single-user mode, it shows "invalid root entry in /etc/passwd" and logon as root without asking for passwd. I checked the root entry, it appears okay to me, also no problem at all when logon as root in graphic mode.
I tried to seconfig security under sysman, but it doesnt work. Could anybody help me out of this?

Thanks,
Qing
3 REPLIES
Qing Zhu
Advisor

Re: Invalid root entry in /etc/passwd

I fixed it.
It's because SECURITY="ENHANCED" is missing from /etc/rc.config. I guess sulogin assumes it to be base seruity and got that error.

Thanks.
Ralf Puchner
Honored Contributor

Re: Invalid root entry in /etc/passwd

the named variable will be set automatically if using the supported setup tool secconfig or sms station.
Help() { FirstReadManual(urgently); Go_to_it;; }
Ann Majeske
Honored Contributor

Re: Invalid root entry in /etc/passwd

Ralf, that's not true in this specific case. The sulogin command (to require the root password for single user mode) can only be set by setting the SECURE_CONSOLE runtime configuration variable via rcmgr, there isn't a sysman option to set it. There's also a bug in sulogin for V5.* (fixed in the current or next patch kit, I forget which) where sulogin is only looking in /etc/rc.config file for the SECURITY variable, not the /etc/rc.config.common file where the SECURITY variable is currently set by secconfig. So, Qing is right that he needed to set the SECURITY variable in /etc/rc.config in order for this to work. What puzzles me is that the SECURITY variable wasn't in the copy of the /etc/rc.config file made by dd. /etc/rc.config is a cdsl, perhaps the dd command doesn't copy cdsls correctly?

Ann