Subject: bin/23056: /etc/nologin can prevent super user from logging in if login.conf is present
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <gathorpe79@yahoo.com>
List: netbsd-bugs
Date: 10/05/2003 03:46:33
>Number:         23056
>Category:       bin
>Synopsis:       /etc/nologin can prevent super user from logging in if login.conf is present
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 05 03:47:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Gary Thorpe
>Release:        1.6
>Organization:
>Environment:
NetBSD 1.6 (DURON) #0: Sun Jul  6 20:47:32 EDT 2003
    root@ranger.elven.org:/usr/src/sys/arch/i386/compile/DURON

>Description:
When /etc/nologin is created, it can stop 'login' from allowing the super user to log into the machine. This happens repeatedly when /etc/login.conf is present as follows:

# Define classes: 
# Super users - root, toor, (root priviledged).
# Psuedo users - daemons, uucp, nobody (unpriviledged user).
# Regular users - Joe Blow user (includes me), this is also the default.

superuser|Users with root priviledges:\
	ignorenologin:\
	login-backoff=2\
	login-retries=5

psuedouser|Psuedo users who do not log in:\
	hushlogin:\
	nologin=/var/run/nologin:

user|default|Normal users:
	nologin=/var/run/nologin:\
	path=/bin /usr/bin /usr/pkg/bin /usr/local/bin:\
	requirehome:

Note that this file says explicitly that superusers should ignore any nologin file. It also seems that the 'nologin=filename' specification does not work and that 'login' is hardwired to look for /etc/nologin only.
>How-To-Repeat:
Copy the file contents above to /etc/login.conf, do a 'touch /etc/nologin' and try to log in as root on a virtual terminal. Rename /etc/login.conf and try again (you should be able to log in).
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: