Subject: Re: passwd
To: None <firstname.lastname@example.org>
From: maximum entropy <email@example.com>
Date: 06/29/1997 03:35:41
>From: firstname.lastname@example.org (Brian Hechinger )
>matthew green drunkenly mumbled...
>> if i'm root, i can change the password file manually. why should
>> passwd(1) ask me for a password when i can make it anything i like
>> anyway ?
>that's it, i'm going to bed. nevermind. :)
Don't give up that easily.
I know that on one occasion, a user forgot her password, and called me
up to change it. Having been up for about 3 days at that point, I
accidentally typed just "passwd" instead of "passwd user". When the
user called back later saying she still couldn't get in, I figured I
had just fat-fingered her password twice in the same way, so I reset
it for her, correctly this time.
The next day, when I couldn't log in as root, I realized what I had
done, and (fortunately) remembered the password I had tried to set for
I realize that the general UNIX philosophy is "if you screw up, well,
you screwed up." But I think there's a case that could be made here
that requiring root's old password when changing root's password wou;d
be a useful safety feature to keep us from breaking our own machines.
entropy -- it's not just a good idea, it's the second law.
This message may refer to a product containing software developed by
Christopher G. Demetriou for the NetBSD Project.