<p>BTW seems gmail is retarded and thought the bulk of that message was quoted when it wasn't... be sure to read the whole thing if gmail screws it up for you. :(</p>
<div class="gmail_quote">On Sep 2, 2011 10:40 PM, "Michael Trausch" <<a href="mailto:mike@trausch.us">mike@trausch.us</a>> wrote:<br type="attribution">> On 09/01/2011 03:34 PM, John Temple wrote:<br>>> I have a RHEL 5 VM system that will not allow us to login from the<br>
>> console. We have tried to use both a valid user and root, for both of<br>>> them after entering the username "Invalid Username" (or something like<br>>> that) flashes and then we are returned to the login prompt. We have also<br>
>> tried booting into single user mode by editing the grub command line. No<br>>> dice there either. Any suggestions on how to get the system back up?<br>> <br>> I had to come to the computer to reply to this...<br>
> <br>> Assuming that RHEL uses the same underlying base as most other<br>> distributions, the login process on the console should be:<br>> <br>> 1. Some form of getty (this is what issues the "login: " prompt),<br>
> your system may use agetty or another implementation. Check its<br>> man page for how it works.<br>> 2. You enter a username. The getty implementation should then spawn<br>> /bin/login $LOGIN (which is what prompts for the password). If<br>
> the correct password is specified, then login will setup the user<br>> environment and spawn the user's shell. (see "man login")<br>> 3. If the initially provided password is incorrect (or if the login<br>
> is invalid), /bin/login will then ITSELF prompt for a password.<br>> It will do this usually 3 to 6 times (my system is configured for<br>> 3, and the limit is configured in /etc/login.defs).<br>
> <br>> Allow me to demonstrate; the first session is me logging in as a user<br>> that does _not_ exist on my workstation; the second session is me<br>> logging in as a user that _does_ exist on my workstation:<br>
> <br>> ================= Logging in as invalid user =========================<br>> mbt@aloe ~ % sudo -i<br>> aloe ~ # exec /bin/login afas<br>> Password:<br>> <br>> Login incorrect<br>> aloe login: afas<br>
> Password:<br>> <br>> Login incorrect<br>> aloe login: afas<br>> Password:<br>> Maximum number of tries exceeded (3)<br>> mbt@aloe ~ %<br>> ================= Logging in as invalid user =========================<br>
> <br>> Note that it returned to my normal user's shell prompt because the "exec<br>> /bin/login" line replaced the root shell that I spawned via sudo with<br>> the /bin/login process; once /bin/login terminated, the sudo session was<br>
> over and returned back to the parent shell which spawned sudo.<br>> <br>> Here is a session with a valid user:<br>> <br>> ================== Logging in as valid user ==========================<br>> mbt@aloe ~ % sudo -i<br>
> aloe ~ # exec /bin/login mbt<br>> Password:<br>> Last login: Fri Sep 2 22:23:12 EDT 2011 on pts/4<br>> mbt@aloe ~ % exit<br>> mbt@aloe ~ %<br>> ================== Logging in as valid user ==========================<br>
> <br>> Here, I entered the correct password and login behaved as it should<br>> have, logging me in. Here is a third session, valid user, bad passwords:<br>> <br>> ================== Logging in w/ bad passwd ==========================<br>
> mbt@aloe ~ % sudo -i<br>> Password:<br>> aloe ~ # exec /bin/login mbt<br>> Password:<br>> <br>> Login incorrect<br>> aloe login: mbt<br>> Password:<br>> <br>> Login incorrect<br>> aloe login: mbt<br>
> Password:<br>> Maximum number of tries exceeded (3)<br>> ================== Logging in w/ bad passwd ==========================<br>> <br>> So, you can see here, the correct message (and the one that I have seen<br>
> on virtually every system I've ever mistyped my username, password, or<br>> both on at the console practically since I started using Linux-based<br>> systems over 15 years ago) is "Login incorrect".<br>
> <br>> Something is not right. I would not be so quick to blame something<br>> innocuous for your problems, either; see this:<br>> <br>> mbt@aloe ~ % sudo strings /bin/login|grep -i invalid<br>> Invalid root directory '%s'<br>
> invalid root `%s' for user `%s'<br>> mbt@aloe ~ % sudo strings /bin/login|grep -i user<br>> ruserok<br>> ((void *)0) != ptr_pam_user<br>> ((void *)0) == username<br>> cannot find user %s<br>> ((void *)0) != username<br>
> get_pam_user<br>> unable to change owner or mode of tty stdin for user `%s': %s<br>> bad user ID `%d' for user `%s': %s<br>> bad group ID `%d' for user `%s': %s<br>> initgroups failed for user `%s': %s<br>
> USER<br>> unable to cd to `%s' for user `%s'<br>> invalid root `%s' for user `%s'<br>> no subsystem root `%s' for user `%s'<br>> USERDEL_CMD<br>> USERGROUPS_ENAB<br>> mbt@aloe ~ % sudo strings /bin/login|grep -i ncor<br>
> Login incorrect<br>> <br>> There is a "cannot find user %s" string in there, but it is only ever<br>> logged to the system logger:<br>> <br>> mbt@aloe shadow-4.1.4.3 % find . -name '*.c' -o -name '*.h' | xargs grep<br>
> -n 'cannot find user'<br>> ./src/login.c:886:                SYSLOG ((LOG_ERR, "cannot find user %s", failent_user));<br>> ./src/login.c:1166:                                 "cannot find user %s after update of<br>> expired password",<br>
> <br>> I'd copy and paste the function it was in, src/login.c has only one<br>> function (main) and it is over 1,000 lines long (sheesh!) so I'll skip that.<br>> <br>>> A couple of things that we have noticed:<br>
>> 1. When the VM boots the system displays a couple of failures most<br>>> noteably iptables and xinetd.<br>> <br>> What are the failures, exactly? Do they come from a script expecting to<br>> load firewall rules, or do they indicate the lack of loaded kernel modules?<br>
> <br>>> 2. A few weeks ago a co-worker said that he had trouble with the system<br>>> saying that it was in read only mode.<br>> <br>> This could be anything. Bad filesystem, failure to remount read-write<br>
> in the boot process (e.g., modified, missing, or [unlikely!] corrupt<br>> init scripts), an explicit remount read-only shortly enough after being<br>> mounted read-write that it is allowed to take effect... anything.<br>
> <br>> I realize that relative to those who have answered your thread, I have<br>> no credentials. But I have cleaned up after several a break in, and I'm<br>> telling you, this smells like one to me. (I would hope that I am<br>
> wrong... but it doesn't seem likely.) It is either that, or RHEL<br>> doesn't use standard /bin/login, and I'm not sure which would frighten<br>> me more. (Note that I'm not saying I like the coding style of the<br>
> ubiquitous one from the shadow package... but I've used it for years and<br>> it's on every box I am aware of. It's standard. It's known.<br>> Therefore, it's tested and likely to be good.)<br>
> <br>> I'd at the very least like to hear back when you figure out what's up<br>> with the box, for no other reason than I am curious.<br>> <br>>         --- Mike<br>> <br>> -- <br>> A man who reasons deliberately, manages it better after studying Logic<br>
> than he could before, if he is sincere about it and has common sense.<br>> --- Carveth Read, “Logic”<br></div>