Subject: Re: changing root's password changes login user instead
To: None <tech-userlevel@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-userlevel
Date: 05/05/2007 02:42:58
On Aug 20, 4:38am, "Jeremy C. Reed" wrote:
} On Fri, 4 May 2007, Thor Lancelot Simon wrote:
} > On Fri, May 04, 2007 at 01:28:55PM -0500, Jeremy C. Reed wrote:
} > >
} > > On NetBSD, logging in as a non-root user and then "su" to root followed
} > > by "passwd" will reset the original logged in user's password.

I've been admining UNIX systems for over 15 years on a variety of
OSes and as far as I can recall, this is how it has always worked.

} > Of course it does -- if you want the system to behave as if you logged
} > in as root, use 'su - root'. Otherwise, you get root's uid with your own
} > login environment -- which is what Unix su has done for as long as I can
} > remember, anyway. "Unix gives you enough rope."
}
} I can't repeat that on my NetBSD systems. I tried on 3.1 and also 3.99.24.
} I also tried "su -l root" (but - is -l).
}
} Can anyone else please test this?
}
} For example on NetBSD 3.1:
}
} $ id
} uid=1002(reed) gid=100(users) groups=100(users),0(wheel)
} $ echo $USER $LOGNAME
} reed reed
} $ su -l root
} Password: <-- typed in my long password
} Terminal type is xterm.
} c-0500# id
} uid=0(root) gid=0(wheel)
} groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)
} c-0500# echo $USER $LOGNAME
} root root
} c-0500# passwd
} New Password: <-- I type in "abc" here
} Retype New Password: <-- abc
} Please enter a longer password.
} New Password: <-- abc
} Retype New Password: <-- abc
} c-0500# exit
} $ id
} uid=1002(reed) gid=100(users) groups=100(users),0(wheel)
} $ su
} Password: <-- I typed in abc
} su: Sorry: authentication error
} $ passwd
} Old Password: <-- abc .... that works but is not what I expected :(
} New Password: <-- reset my password to what it was
} Retype New Password: <-- again
} $ su
} Password: <-- my original password works
} #
}
} Am I the only one with this problem?

{1} uname -a
NetBSD vinewsgroup 1.6.2_STABLE NetBSD 1.6.2_STABLE (VIN_GATEWAY) #0: Wed Apr 13 16:45:28 PDT 2005 jnemeth@vinewsgroup:/usr/src/sys/arch/i386/compile/VIN_GATEWAY i386
{2} id
uid=200(jnemeth) gid=50(group) groups=50(group),0(wheel)
{3} echo $USER $LOGNAME
jnemeth jnemeth
{4} su -l toor
Password:
Terminal type is vt100.
# id
uid=0(root) gid=0(wheel) groups=0(wheel)
# echo $USER $LOGNAME
LOGNAME: Undefined variable.
# echo $USER
toor
# echo $LOGNAME
LOGNAME: Undefined variable.
# passwd
Changing local password for jnemeth.
New password:
# setenv LOGNAME root
# echo $LOGNAME
root
# passwd
Changing local password for jnemeth.
New password:
# exit
{5} id
uid=200(jnemeth) gid=50(group) groups=50(group),0(wheel)
{6} su toor
Password:
{1} echo $USER $LOGNAME
jnemeth jnemeth
{2} passwd
Changing local password for jnemeth.
New password:

Note that the passwd program uses getlogin() to determine who you are
and passes that to getpwnam().

} > I believe you can also change the behavior of passwd by changing the
} > value of the $USER or $LOGNAME environment variables.

Nope.

} Also what about the regression? Before PAM (I think), it used to display:
} "Changing local password for ..."

Ignoring the nitpick that the password may not be local, I'll add
this message.

}-- End of excerpt from "Jeremy C. Reed"
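
The lookup described in the message above (getlogin() passed to getpwnam()), as an added example that is not part of the original message and is not taken from NetBSD's passwd source: it resolves the session login name and reports when that account differs from the uid the process is running as, which is the state the transcripts show after su. The helper name login_uid_mismatch is hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (an assumption, not passwd's own code): resolve a
 * login name via getpwnam(), as the message describes, and compare the
 * resulting account with the uid the process actually runs as.
 * Returns 0 if they match, 1 if they differ, -1 if the name is missing
 * or has no passwd entry.
 */
int login_uid_mismatch(const char *login_name, uid_t real_uid)
{
    struct passwd *pw;

    if (login_name == NULL)
        return -1;
    pw = getpwnam(login_name);
    if (pw == NULL)
        return -1;
    return pw->pw_uid != real_uid;
}

int main(void)
{
    const char *login = getlogin();          /* session login name, may be NULL */
    const char *user = getenv("USER");       /* shown for comparison only */
    const char *logname = getenv("LOGNAME"); /* shown for comparison only */
    uid_t uid = getuid();
    int r = login_uid_mismatch(login, uid);

    printf("getlogin(): %s\n", login ? login : "(none)");
    printf("real uid:   %lu\n", (unsigned long)uid);
    printf("$USER:      %s\n", user ? user : "(unset)");
    printf("$LOGNAME:   %s\n", logname ? logname : "(unset)");

    if (r == 1)
        printf("warning: login name and real uid are different accounts\n");
    else if (r == -1)
        printf("login name could not be resolved\n");
    return r == 1; /* non-zero exit status signals the mismatch */
}
```

Run in a root shell reached through su, a mismatch warning means a tool that keys on getlogin() would act on the original login account rather than root.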