Bug 12046

Summary: Can’t login as root user after upgrading to buildroot 2019.02
Product: buildroot Reporter: liadekel123
Component: OtherAssignee: Carlos Santos <unixmania>
Status: RESOLVED INVALID    
Severity: normal CC: buildroot
Priority: P5    
Version: 2019.02   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
Host: Target:
Build:

Description liadekel123 2019-07-18 17:49:54 UTC 
Hi everyone, 
2 weeks ago we upgraded our buildroot version from 2018.03 to 2019.02 . 
Until now we were using getty in order to login, and enabled login with 
root user on our defconfig.

After upgrading as described above, we can’t  login with root user,
While with standard user we do succeed.
As I saw one of the changes between the versions was that md5 is no longer supported to hash the shadow file (same shadow file which contains our standard user details).
We did tried to change the root password without any further success.

I’ll appreciate any ideas ... 
Many Thanks (:
Comment 1 Carlos Santos 2019-07-18 18:56:51 UTC 
Please run the following commands

    $ make savedefconfig BR2_DEFCONFIG=/tmp/bz12046.defconfig
    $ gzip /tmp/bz12046.defconfig

Then attach the resulting /tmp/bz12046.defconfig.gz file to this bug.
Comment 2 Carlos Santos 2019-07-27 00:07:38 UTC 
No reply from submitter after 7 days.
Comment 3 liadekel123 2019-07-27 06:38:24 UTC 
Hey Carlos,
Sorry about the delay. We solved the problem...
Apparently the version of login in buildroot 2019.02 use securetty file which lists all the devices root user is allowed to login from :|

Many Thanks,
Liad
Comment 4 Carlos Santos 2019-07-27 20:45:01 UTC 
(In reply to liadekel123 from comment #3)

/etc/securetty is required by pam_securetty, which is part of pam-linux. It is
not used by default neither by the busybox login nor by the util-linux one. What
is the contents of your /etc/pam.d/login file?
Comment 5 liadekel123 2019-07-28 13:50:39 UTC 
(In reply to Carlos Santos from comment #4)
There is no pam.d in my rootfs...
Comment 6 Carlos Santos 2019-07-29 01:35:54 UTC 
(In reply to liadekel123 from comment #5)

OK, I was able to reproduce the problem with the following defconfig:

BR2_x86_64=y
BR2_DL_DIR="$(HOME)/src"
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="https://toolchains.bootlin.com/downloads/releases/toolchains/x86-64-core-i7/tarballs/x86-64-core-i7--glibc--bleeding-edge-2018.11-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_SYSTEM_DHCP="eth0"
BR2_SYSTEM_ENABLE_NLS=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set

123456789012345678901234567890123456789012345678901234567890123456789012

The problem happens with Busybox login:

- If linux-pam is NOT selected
  - If /etc/securetty does not exist root can log in without restrictions
  - If /etc/securetty exists then root can log in only on terminals listed there
- If linux-pam is selected
  - If pam_securetty is NOT enabled in /etc/pam.d/login then /etc/securetty is ignored
  - If pam_securetty is enabled with "auth required pam_securetty.so"
    - If /etc/securetty does not exist root can log in without restrictions
    - If /etc/securetty exists then can log in only on terminals listed there

Considering that by default Buildroot does NOT install a /etc/securetty file I'm keeping this bug as RESOLVED but changing the resolution reason from NEEDINFO to INVALID.
Comment 7 liadekel123 2019-07-29 04:24:18 UTC 
(In reply to Carlos Santos from comment #6)
But linux-pam was NOT selected in our config and still 
root wasn’t able to log in without the /etc/securetty file.