emergency-login — perform emergency/rescue mode login




emergency-login is a very simple login program that is designed to operate in the emergency and rescue modes (see system-control(1)).

Its function is restricted compared to the usual login(1) program:

  • It does not use PAM or the login.conf(5) subsystem.

  • It only uses the system account database and access to that is directly through the endpwent(3), endspent(3), getpwuid(3) and getspnam(3) library functions.

  • It only allows login as the superuser. It looks up the account database entry by the superuser user ID, 0. If more than one record in the database has this ID, which one's password is used depends from how the getpwuid(3) library function works.

  • It fails open in the event of a missing password (or shadow) file. If getpwuid(3) (or getspnam(3)) fails for some reason, it issues no prompt and acts as if the correct password had been entered.

  • It does not record anything in the accounting logs. The filesystem containing them might not be mounted in emergency mode, or might be mounted read-only. For that and other reasons, it does not use syslog(3).

  • It ignores any secure settings in the TTYs database (if the operating system has one).

  • It ignores all settings in the account database relating to password expiry.

  • It tries hard to execute a shell. If it cannot execute the shell listed in the account record, it attempts to fall back to the program denoted by the SHELL environment variable, or the program hardwired as the platform's _PATH_BSHELL setting at compilation time.

  • It does not tell the shell that it is a login shell, in order that the shell does not attempt to source "rc" scripts that may not be appropriate for emergency/rescue mode.

  • It alters no environment variables at all, and does not attempt to change into a home directory.

Like login(1), it should be chained to by vc-get-tty(1) and open-controlling-tty(1).

It is usually invoked on the console by means of an emergency-login@console service. This is presumed to be a "secure" terminal that permits direct log-on by the superuser. Do not invoke it on non-"secure" terminals.


Jonathan de Boyne Pollard