Subject: Re: changing root's password changes login user instead
To: None <tech-userlevel@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-userlevel
Date: 05/05/2007 02:42:58
On Aug 20,  4:38am, "Jeremy C. Reed" wrote:
} On Fri, 4 May 2007, Thor Lancelot Simon wrote:
} > On Fri, May 04, 2007 at 01:28:55PM -0500, Jeremy C. Reed wrote:
} > >
} > > On NetBSD, logging in as a non-root user and then "su" to root followed 
} > > by "passwd" will reset the original logged in user's password.

     I've been admining UNIX systems for over 15 years on a variety of
OSes and as far as I can recall, this is how it has always worked.

} > Of course it does -- if you want the system to behave as if you logged
} > in as root, use 'su - root'.  Otherwise, you get root's uid with your own
} > login environment -- which is what Unix su has done for as long as I can
} > remember, anyway.  "Unix gives you enough rope."
} 
} I can't repeat that on my NetBSD systems. I tried on 3.1 and also 3.99.24.
} I also tried "su -l root" (but - is -l).
} 
} Can anyone else please test this?
} 
} For example on NetBSD 3.1:
} 
} $ id
} uid=1002(reed) gid=100(users) groups=100(users),0(wheel)
} $ echo $USER $LOGNAME
} reed reed
} $ su -l root
} Password: <-- typed in my long password
} Terminal type is xterm.                                                 
} c-0500# id
} uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)
} c-0500# echo $USER $LOGNAME
} root root
} c-0500# passwd
} New Password: <-- I type in "abc" here
} Retype New Password:  <-- abc
} Please enter a longer password.
} New Password: <-- abc
} Retype New Password: <-- abc
} c-0500# exit
} $ id
} uid=1002(reed) gid=100(users) groups=100(users),0(wheel)
} $ su
} Password: <-- I typed in abc
} su: Sorry: authentication error
} $ passwd
} Old Password: <-- abc .... that works but is not what I expected :(
} New Password: <-- reset my password to what it was
} Retype New Password: <-- again
} $ su
} Password: <-- my original password works
} # 
} 
} Am I the only one with this problem?

{1} uname -a
NetBSD vinewsgroup 1.6.2_STABLE NetBSD 1.6.2_STABLE (VIN_GATEWAY) #0: Wed Apr 13 16:45:28 PDT 2005     jnemeth@vinewsgroup:/usr/src/sys/arch/i386/compile/VIN_GATEWAY i386
{2} id
uid=200(jnemeth) gid=50(group) groups=50(group),0(wheel)
{3} echo $USER $LOGNAME
jnemeth jnemeth
{4} su -l toor
Password:
Terminal type is vt100.
# id
uid=0(root) gid=0(wheel) groups=0(wheel)
# echo $USER $LOGNAME
LOGNAME: Undefined variable.
# echo $USER
toor
# echo $LOGNAME
LOGNAME: Undefined variable.
# passwd
Changing local password for jnemeth.
New password:

# setenv LOGNAME root
# echo $LOGNAME
root
# passwd
Changing local password for jnemeth.
New password:

# exit

{5} id
uid=200(jnemeth) gid=50(group) groups=50(group),0(wheel)
{6} su toor
Password:
{1} echo $USER $LOGNAME
jnemeth jnemeth
{2} passwd
Changing local password for jnemeth.
New password:

Note that the passwd program uses getlogin() to determine who you are
and passes that to getpwnam().

} > I believe you can also change the behavior of passwd by changing the
} > value of the $USER or $LOGNAME environment variables.

     Nope.

} Also what about the regression? Before PAM (I think), it used to display: 
} "Changing local password for ..."

     Ignoring the nitpick that the password may not be local, I'll add
this message.

}-- End of excerpt from "Jeremy C. Reed"
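
Added example (not part of the original message and not NetBSD's passwd source): a small C diagnostic that prints the identities discussed above side by side, namely the session login name from getlogin(), the real uid, and $USER/$LOGNAME. The pick_target() policy and its enum names are hypothetical; it reports the case from the transcript, where the login name (jnemeth) and the real uid (0) name different accounts, instead of silently choosing one.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum target { TARGET_LOGIN_NAME, TARGET_REAL_UID, TARGET_MISMATCH };

/* Hypothetical policy for a passwd-like tool: given the login name
 * (getlogin()), whether getpwnam() found it, the uid it maps to, and the
 * caller's real uid (getuid()), decide whose entry would be changed. */
enum target pick_target(const char *login_name, int login_known,
                        uid_t login_uid, uid_t real_uid)
{
    if (login_name == NULL || !login_known)
        return TARGET_REAL_UID;     /* no usable login name: fall back to uid */
    if (login_uid != real_uid)
        return TARGET_MISMATCH;     /* e.g. after su: login=jnemeth, uid=0 */
    return TARGET_LOGIN_NAME;
}

int main(void)
{
    static const char *verdict[] = {    /* indexed by enum target */
        "login name and real uid agree",
        "no usable login name, falling back to real uid",
        "MISMATCH: login name and real uid name different accounts",
    };
    const char *login = getlogin();     /* session login name */
    const char *user = getenv("USER"), *logname = getenv("LOGNAME");
    uid_t real = getuid(), login_uid = 0;
    int known = 0;

    if (login != NULL) {
        struct passwd *pw = getpwnam(login);
        if (pw != NULL) { login_uid = pw->pw_uid; known = 1; }
    }
    /* getpwuid() reuses static storage, so login_uid was copied out first. */
    struct passwd *me = getpwuid(real);

    printf("getlogin() : %s\n", login ? login : "(none)");
    printf("real uid   : %lu (%s)\n", (unsigned long)real, me ? me->pw_name : "?");
    printf("$USER      : %s\n", user ? user : "(unset)");
    printf("$LOGNAME   : %s\n", logname ? logname : "(unset)");
    puts(verdict[pick_target(login, known, login_uid, real)]);
    return 0;
}
```

Run it once from a normal login shell and once after su to compare the two reports.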