Subject: changing root's password changes login user instead
To: None <tech-userlevel@NetBSD.org>
From: Jeremy C. Reed <firstname.lastname@example.org>
Date: 05/04/2007 13:28:55
On NetBSD, logging in as a non-root user and then "su" to root followed
by "passwd" will reset the original logged in user's password.
I was using NetBSD 3.1. But I tested on a more recent -current also.
It is often suggested to use "passwd root" to change root's password.
It doesn't display the "Changing local password for ...". Can we re-add
that? (Does this need to be done in PAM?)
It appears to use getlogin(2) while other implementations use getuid(3).
It doesn't check if there is a login/uid mismatch. Can we add a check for
So the behaviour in this example of
passwd # no arguments
is different between FreeBSD and NetBSD.
I am not sure if "passwd(1)" is even covered by Open Group's Single UNIX
specification or POSIX. (Does anyone know?)
Any comments on the differences of behaviour?
Should we have it output what username is being changed?
If we don't fix this to abort on login/uid mismatch, we should add a
warning to our passwd.1 man page so this is clear. Because users coming
from another Unix may unknowingly change the wrong password and potentially
lock themselves out if they didn't know what happened.
Jeremy C. Reed
p.s. This happened to me due to jumping from system to system.
p.p.s. I am working on a generic beginning BSD admin book and want to make
sure it is clear for newbies.
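
The login/uid mismatch check the message asks about could look like the following. This is an added example, not part of the original post and not NetBSD's passwd(1) source; the helper name `login_uid_mismatch` and the error wording are assumptions, and only the "Changing local password for" line comes from the message.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from passwd(1)): compare the login name with the
 * real uid. Returns 0 if both name the same account, 1 on mismatch (the
 * "su, then passwd" case), -1 if the login name cannot be resolved. */
int login_uid_mismatch(const char *login_name, uid_t ruid)
{
    struct passwd *pw;

    if (login_name == NULL || *login_name == '\0')
        return -1;
    pw = getpwnam(login_name);
    if (pw == NULL)
        return -1;
    /* Compare uids, not names: several names may share one uid. */
    return pw->pw_uid == ruid ? 0 : 1;
}

int main(void)
{
    const char *name = getlogin();   /* session login name, unchanged by su */
    uid_t ruid = getuid();           /* real uid, changed by su */
    struct passwd *pw;

    switch (login_uid_mismatch(name, ruid)) {
    case 0:
        /* Always say which account is about to be changed. */
        printf("Changing local password for %s.\n", name);
        return 0;
    case 1:
        pw = getpwuid(ruid);
        fprintf(stderr, "login name is %s but real uid %lu is %s; "
                "name the account explicitly, e.g. \"passwd root\"\n",
                name, (unsigned long)ruid, pw ? pw->pw_name : "(unknown)");
        return 1;
    default:
        fprintf(stderr, "cannot determine login name; "
                "name the account explicitly\n");
        return 1;
    }
}
```

Run after "su" from a non-root login, this takes the mismatch branch and stops instead of silently picking the login user's account.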