Subject: Re: changing root's password changes login user instead
To: Jeremy C. Reed <email@example.com>
From: Zafer Aydogan <firstname.lastname@example.org>
Date: 08/02/2007 10:21:17
2007/5/11, Jeremy C. Reed <email@example.com>:
> On Sat, 5 May 2007, John Nemeth wrote:
> > } > > On NetBSD, logging in as a non-root user and then "su" to root followed
> > } > > by "passwd" will reset the original logged in user's password.
> > I've been admining UNIX systems for over 15 years on a variety of
> > OSes and as far as I can recall, this is how it has always worked.
> Is the behaviour defined anywhere?
> Because on FreeBSD and on Gentoo Linux it is different than NetBSD.
> > Note that the passwd program uses getlogin() to determine who you are
> > and passes that to getpwnam().
> Yes. I just don't think it should use getlogin() -- especially since "su
> -l" only "simulates" login and doesn't setlogin().
> > } Also what about the regression? Before PAM (I think), it used to display:
> > } "Changing local password for ..."
> > Ignoring the nitpick that the password may not be local, I'll add
> > this message.
> Thanks for doing that!
> Jeremy C. Reed
I've run into this problem yesterday. As Jeremy described, the
password of the previous user has been changed, not the one of root.
This happened on 4.99.25. Also the proposed changes to passwd by
printing out "Changing local password for..." seems to be missing. The
different behaviour of passwd after su'ing down to root in contrast to
the other BSDs is also confusing.