sulogin - single-user login program (Enhanced Security)
The sulogin program is run by the init process on the console terminal when
entering single-user mode. The sulogin program checks the system
configuration to determine whether entering single-user mode requires entering
the root password. If it does not, then sulogin execs /sbin/sh with its
argv set to "-". That same exec is also done if the root password is
The decision to enter the single-user mode depends on the state of the
system configuration files. If the files cannot be read, then defaults are
assumed (as described below). Therefore, the loss of a configuration file
does not prevent access to the system console for repairing the problem.
The sulogin program first checks the /etc/rc.config file for the
SECURE_CONSOLE variable. If such a variable is present, and it is set to a
true value (either "TRUE", "ON", "YES", or "1"), then the program asks for
the root password. The value of the SECURE_CONSOLE variable is checked in
a case-independent fashion, and only a minimal match is necessary. Thus,
the value is really checked against the following regular expression:
If the SECURE_CONSOLE variable is present, but does not have one of the
true values, then sulogin does not ask for the root password, but simply
execs /sbin/sh as previously described.
If the SECURE_CONSOLE variable is not found in the /etc/rc.config file, or
if that file is missing or unreadable, then an attempt is made to obtain
the value of the console firmware setting of the SECURE variable, using the
GSI_PROM_ENV function of the getsysinfo() system call. If the check
determines the console commands are password-protected, the sulogin program
requests the root password.
If sulogin has made the decision to request the root password, it also
determines whether BASE or ENHANCED security should be used to validate
that password. This is done using the value of the SECURITY variable from
the /etc/rc.config file, unless that file was not readable, in which case
the /etc/sia/matrix.conf file is read, looking for a line beginning with
the string "siad_ses_init=", and containing either "(OSFC2," or "(BSD,".
If the /etc/rc.config file was readable, but the SECURITY variable was not
set, then BASE security is assumed. (This is how the /sbin/init.d/security
script initializes the /etc/sia/matrix.conf file, as well.) If the
/etc/rc.config file cannot be read and the /etc/sia/matrix.conf file
either cannot be read or does not have an appropriate siad_ses_init line,
then the sulogin program checks to see whether the /etc/passwd file
contains a valid entry for root and whether the getespwnam("root") function
returns a valid extended profile. If both profile entries exist, but only
one has a valid encrypted password field, that profile (and thus that
security policy) is used. If both passwords are valid, the BASE security
policy is used.
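The two configuration decisions described above (whether sulogin prompts, and which policy validates the password) as a Python audit sketch over file contents. This is an added example, not sulogin's own code: the NAME="value" line format, the SECURITY value ENHANCED, the OSFC2-before-BSD check order, and all function names are assumptions, and only the four full true spellings are accepted.

```python
import re

# Full spellings only; the page's minimal-match expression is not reproduced.
TRUE_VALUES = {"TRUE", "ON", "YES", "1"}

def rc_var(text, name):
    """Last NAME=value assignment in rc.config text (assumed format), or None."""
    found = None
    for line in text.splitlines():
        m = re.match(r"\s*" + re.escape(name) + r"=(.*)$", line)
        if m:
            found = m.group(1).strip().strip("\"'")
    return found

def asks_for_password(rc_config, firmware_secure):
    """rc_config: file text, or None if missing/unreadable.
    firmware_secure: outcome of the console firmware SECURE check."""
    value = rc_var(rc_config, "SECURE_CONSOLE") if rc_config is not None else None
    if value is not None:
        # Present but not a true value: no prompt, firmware is not consulted.
        return value.upper() in TRUE_VALUES
    return firmware_secure

def security_policy(rc_config, matrix_conf):
    """Return "BASE", "ENHANCED", or None when the root profiles decide."""
    if rc_config is not None:
        value = rc_var(rc_config, "SECURITY") or ""
        # Assumption: the literal word ENHANCED selects it; unset means BASE.
        return "ENHANCED" if value.upper() == "ENHANCED" else "BASE"
    for line in (matrix_conf or "").splitlines():
        if line.startswith("siad_ses_init="):
            if "(OSFC2," in line:  # assumption: OSFC2 = ENHANCED, checked first
                return "ENHANCED"
            if "(BSD," in line:
                return "BASE"
    return None

def audit(rc_config, matrix_conf, firmware_secure):
    if not asks_for_password(rc_config, firmware_secure):
        return "root shell on console without a password"
    policy = security_policy(rc_config, matrix_conf)
    return "password required, policy: " + (policy or "decided from root profiles")

if __name__ == "__main__":
    # Constructed sample: a misspelled value disables the prompt even though
    # the firmware console is password-protected.
    print(audit('SECURE_CONSOLE="enable"\nSECURITY="ENHANCED"\n', None, True))
```

The constructed sample shows the case worth checking on a real system: a SECURE_CONSOLE value that is present but not one of the true values yields an unauthenticated root shell, regardless of the firmware setting.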
Once the sulogin program has determined which security policy to use, it
checks whether that policy has a valid account entry for user root (if not
already checked while determining which policy to use), and whether that
entry has a password that can be matched. If the password is impossible to
match, or if no valid root profile exists, then sulogin prints a warning
and execs /sbin/sh as previously described. For BASE security, a null
encrypted password field for root causes the program to exec /sbin/sh
If there is a matchable root password, sulogin prints out "Single-user root
login" and prompts for the password. If the entered password does not
match (after the appropriate encryption if non-null), the program waits for
5 seconds (to deter break-in attempts), displays "Sorry", and re-prompts.
If the program is interrupted or receives an end-of-file condition while
attempting to read a password from the console terminal, it simply exits.
This normally causes init to enter multi-user mode (it depends on system
configuration information in /etc/inittab, specifically the entry marked
with "initdefault", which ships at run-level "3"). This may also cause
init to prompt for a run level, or to restart the sulogin program.
Finally, if a password was collected, and it did match, the exec of
/sbin/sh is done. If that exec fails, the reason for the failure is
displayed, and the program sleeps for 5 seconds before exiting. Upon
exiting, control of the console is returned to the init process, as previously
described for interrupt or end-of-file.
login(1), getpwnam(3), getespwnam(3), dispcrypt(3), matrix.conf(4), init(8)