agetty: handle systems without a shell or /bin/login#4437
Open
mvanhorn wants to merge 2 commits into
Open
Conversation
When the login program (default /bin/login, or the one set with
--login-program) is missing or not executable, logging in is impossible.
Previously agetty still displayed the issue file and prompted for a
username, producing a confusing dead end.
Before prompting, check whether the login program is executable with
access(X_OK). If it is not, print a short banner ("This system does not
permit logins." by default, configurable with --nologin-message) and
wait for the user to press Enter, then re-check so an administrator who
installs the login program at runtime can proceed without a reboot. The
normal prompt flow is unaffected when the login program exists.
Add --nologin-message to override the banner text and document the new
behavior in agetty.8.adoc.
Closes util-linux#4117
Contributor
|
Lovely! thank you! |
keszybz
reviewed
Jun 22, 2026
Comment on lines
+660
to
+663
| /* Wait for Enter, then re-check the login program. */ | ||
| if (getc(stdin) == EOF) | ||
| return; | ||
| } |
Contributor
There was a problem hiding this comment.
Does this actually wait for Enter? It seems any key would work, if the input is not buffered. If it is buffered, it'd wait until Enter, and then do a tight loop. I think the EOF condition shouldn't fire, if this is connected to a console. I don't understand this loop.
Collaborator
|
Thanks! Notes:
|
Address review notes from Karel: reword DEFAULT_NOLOGIN_MESSAGE so it tells the user a keypress re-checks for the login program, and skip wait_for_login_program() when --chroot is used since the path check would test the wrong root. Update the man page accordingly. Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Contributor
Author
|
Both notes addressed in 6a187af: the default message now reads 'Login is currently unavailable. Press any key to check again.' (which matches the actual behavior - the wait is a getc, so any key triggers the re-check), and wait_for_login_program() is skipped when --chroot is set, since the pre-chroot path check would test the wrong root. Man page updated to match. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Make agetty handle systems that have no shell and therefore no
/bin/login. Before showing the issue file and prompting for a username, agetty now checks whether the login program is executable. If it is not, agetty prints a short banner instead of prompting, and waits for the user to press Enter to re-check.A new
--nologin-messageoption lets the banner text be customized. The default message is "This system does not permit logins."Why this matters
This implements the request in #4117. Today agetty displays the issue file and prompts for a username even when login is impossible, producing a confusing dead end for the user. The behavior:
/bin/login, or the program set with--login-program) is missing or not executable, agetty prints the banner and does not prompt for a username or attempt to spawn login.access(X_OK)check, so an administrator who installs the login program at runtime can proceed without rebooting. If it is still missing, the banner is shown again.The check uses the resolved login path (
op->login, defaulting to_PATH_LOGIN), so pointing-l/--login-programat a non-existent path triggers the same behavior.Testing
util-linux builds on Linux only, so the change was validated by code review and a standalone syntax check of the new function (
gcc -Wall -Wextra -fsyntax-only, clean). The CI build will exercise the full compile.Manual scenarios to verify:
-lpointing at a non-existent path: same banner behavior.Closes #4117