I had installed sudoer, set up a non-root user and configured the user's password. I also disabled root SSH log in access.
I added /etc/sudoers and /etc/sudoers.d/custom to /etc/sysupgrade.conf, which already has /etc/passwd and /etc/shadow.
All was well until I upgraded from an older LEDE trunk image to the latest LEDE trunk image. Once the router powered back on, I found I could not SSH into the router as the non-root user anymore. Each SSH login attempt was terminated immediately after I typed in the correct password.
Since I disabled root SSH access, I had to put the router into the openwrt failsafe mode. Fortunately, I did not have to do a full config reset. I only had to re-enable root SSH access in /overlay/upper/etc/config/dropbear.
After rebooting into normal mode, I reset the password of the non-root user. This caused /etc/shadow to be updated.
I want to make sense of what caused the lockout of the non-root user, and prevent it from happening again. It appears the password of the non-root user was lost due to the LEDE upgrade. Is that consistent with the symptoms described above? What else needs to be done to avoid this situation, given /etc/sysupgrade.conf already has /etc/shadow in it [by default]?