Can log in only as root, even with a fresh user

mipcer · 19 September 2023 01:09

Hallo,

I updated my install today and am unable to log-in through gdm. When access tty, I also can only log-in as root. Any other user will give me an “incorrect login” error.

I tried:

useradd --create-home --password 123 --uid 1000 --gid 1000 --groups wheel --shell /bin/bash test

but trying to log-in as “test” with the password “123” doesn’t work.

I checked, and “test” is not blocked by faillock.

ls -la /home gives me

drwx------ 3 test test 4096 19. Sept 02:50

df -h seems to indicate that I have some free space left

I am totally at the end of my wits.

megavolt · 19 September 2023 03:02

sudo passwd username

linux-aarhus · 19 September 2023 05:16

You should be aware that if you enter the password as part of the command it will be stored in the history file e.g. .bash_history - in clear text.

The correct method is to create the user - then assign a password using the passwd command - use the --expire to force the user to change the password on login

That won’t work - you need an encrypted value

 $ man useradd
[...]
       -p, --password PASSWORD
           defines an initial password for the account. PASSWORD is expected
           to be encrypted, as returned by crypt (3). Within a shell script,
           this option allows to create efficiently batches of users.

           Without this option, the new account will be locked and with no
           password defined, i.e. a single exclamation mark in the respective
           field of /etc/shadow. This is a state where the user won't be able
           to access the account or to define a password himself.

           Note:Avoid this option on the command line because the password
           (or encrypted password) will be visible by users listing the
           processes.

           You should make sure the password respects the system's password
           policy.
[...]

You can use openssl to create the password.

 $ openssl passwd --help
Usage: passwd [options] [password]

General options:
 -help               Display this summary

Input options:
 -in infile          Read passwords from file
 -noverify           Never verify when reading password from terminal
 -stdin              Read passwords from stdin

Output options:
 -quiet              No warnings
 -table              Format output as table
 -reverse            Switch table columns

Cryptographic options:
 -salt val           Use provided salt
 -6                  SHA512-based password algorithm
 -5                  SHA256-based password algorithm
 -apr1               MD5-based password algorithm, Apache variant
 -1                  MD5-based password algorithm
 -aixmd5             AIX MD5-based password algorithm

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 password            Password text to digest (optional)

With the above warning in mind …

openssl passwd -6 123

you could use it as part the useradd command like this

useradd ...  --password $(openssl password -6 123) ...

Keruskerfuerst · 19 September 2023 13:35

Why do you add a new user with command line ?

Aragorn · 4 October 2023 17:08