Subject: changing password using sudo and su....
To: None <>
From: Sergio Jimenez <>
List: tech-security
Date: 03/30/2004 23:56:10
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

	First of all I'd like to say, I don't if the following is a problem, or the normal behaviour of the related commands, but I have to ask, sorry if this the proper functionality.

I have an old sparcstation5 without any other access method rather than ssh or serial, so I've configured sudo to do the normal maintenance from my user (sergio), also I've included "su -" ,in the sudo config, to switch to root.
Some minutes ago, I was changing the "/etc/passwd.conf" in order to use blowfish, then I've switched from "sergio" to "root" to update root's password, and my surprise was when I saw how sergio's password got changed and the root's still using the same. Look next lines, please:


sergio@bender$ id
uid=1000(sergio) gid=100(users) groups=100(users)

sergio@bender$ sudo su -
Terminal type is screen.                                                                                
root@bender# id
uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)

root@bender# passwd
Changing local password for sergio.



NetBSD bender 2.0 NetBSD 2.0 (BENDER) #2: Tue Mar 30 01:24:50 BST 2004

sudo- (from pkgsrc-2004Q1)

Anyone could explain what's going on here?


Sergio Jimenez <>

"....Choose a fucking big computer, choose disk arrays the size of washing machines,  \
     modem racks, CD-ROM writers, and electrical coffee makers. Choose no sleep, high \
     caffeine and mental insurance..."

NetBSD -- what else do you need ? (running it on x86 && sparc)

Content-Type: application/pgp-signature

Version: GnuPG v1.2.4 (NetBSD)