Subject: Re: passwd fails for users not in wheel group
To: Berndt Josef Wulf <wulf@dingo.ping.net.au>
From: Roger Brooks <R.S.Brooks@liverpool.ac.uk>
List: netbsd-help
Date: 03/21/2001 10:35:53

On Wed, 21 Mar 2001, Berndt Josef Wulf wrote:

>Do you login as root first and then change the user with su?
>
>e.g.:
>
># su wulf
># su -l wulf     # same as su - wulf
>
>If so, it will exhibit the behaviour you described above.
>
>I consider this to be a bug especially when using the -l that
>requests a full login.
>
>From the su man-page
>-l      Simulate a full login.  The environment is discarded except
>	for HOME, SHELL, PATH, TERM, USER, and SU_FROM.  HOME SHELL,
>	and SU_FROM are modified as above.
>
>Any comments?

The problem is, you are allowed to have more than one passwd entry
with the same uid (but different usernames).  The only identification
which the passwd command can trust absolutely is the real-uid, but in
the case of multiple usernames with the same uid, this is not enough.

Some versions of passwd resolve the problem by getting the utmp entry
for the terminal to find the username (and bailing out if the uid of
that passwd entry doesn't match the real-uid of the current process).
I suspect this is what is happening, because su -l probably doesn't
chown the control terminal.  I once hit a similar problem (on Solaris,
I think) when I was trying to run passwd through expect, and there
wasn't a utmp entry for the pty which expect was using.



Roger

------------------------------------------------------------------------------
Roger Brooks (Systems Programmer),          |  Email: R.S.Brooks@liv.ac.uk
Computing Services Dept,                    |  Tel:   +44 151 794 4441
The University of Liverpool,                |  Fax:   +44 151 794 4442
PO Box 147, Liverpool L69 3BX, UK           | 
------------------------------------------------------------------------------
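
A minimal model of the utmp-based check described in the reply above, added here as an illustration; it is not part of the original message and not code from any real passwd implementation. The passwd and utmp tables, the terminal names and the alias accounts are constructed, and `resolve_user` is a hypothetical helper.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-ins for the passwd database and the utmp file. */
struct pw_row { const char *name; uid_t uid; };
struct ut_row { const char *line; const char *name; };

static const struct pw_row PW[] = {
    { "root", 0 }, { "toor", 0 },        /* two usernames, one uid */
    { "wulf", 1000 }, { "bjw", 1000 },   /* two usernames, one uid */
};
static const struct ut_row UT[] = {
    { "ttyp0", "bjw" },   /* bjw logged in directly on this terminal */
    { "ttyp1", "root" },  /* root logged in here, then ran su -l wulf */
};
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Return the passwd row for a username, or NULL if there is none. */
static const struct pw_row *pw_by_name(const char *name) {
    for (size_t i = 0; i < N(PW); i++)
        if (strcmp(PW[i].name, name) == 0) return &PW[i];
    return NULL;
}

/*
 * Choose the account whose password is to be changed: take the username
 * recorded in utmp for this terminal, then require that its uid equals
 * the caller's real uid. Returns NULL when the tool should bail out.
 */
const char *resolve_user(uid_t real_uid, const char *tty) {
    for (size_t i = 0; i < N(UT); i++) {
        if (strcmp(UT[i].line, tty) != 0) continue;
        const struct pw_row *pw = pw_by_name(UT[i].name);
        if (pw == NULL || pw->uid != real_uid) return NULL; /* uid mismatch */
        return pw->name;
    }
    return NULL; /* no utmp entry for this terminal, e.g. a bare pty */
}

int main(void) {
    const char *u;
    u = resolve_user(1000, "ttyp0"); printf("ttyp0 uid 1000: %s\n", u ? u : "(refused)");
    u = resolve_user(1000, "ttyp1"); printf("ttyp1 uid 1000: %s\n", u ? u : "(refused)");
    u = resolve_user(1000, "ttyp9"); printf("ttyp9 uid 1000: %s\n", u ? u : "(refused)");
    return 0;
}
```

The second call models the su session from the thread (the terminal's utmp entry still names root while the real uid is 1000), and the third models a pty with no utmp entry, as in the expect case.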