Subject: Re: changing root's password changes login user instead
To: None <tech-userlevel@netbsd.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-userlevel
Date: 08/02/2007 03:36:18
On Dec 23,  4:57am, "Zafer Aydogan" wrote:
} 2007/5/11, Jeremy C. Reed <reed@reedmedia.net>:
} > On Sat, 5 May 2007, John Nemeth wrote:
} >
} > > } > > On NetBSD, logging in as a non-root user and then "su" to root followed
} > > } > > by "passwd" will reset the original logged in user's password.
} > >
} > >      I've been admining UNIX systems for over 15 years on a variety of
} > > OSes and as far as I can recall, this is how it has always worked.
} >
} > Is the behaviour defined anywhere?
} >
} > Because on FreeBSD and on Gentoo Linux it is different than NetBSD.
} >
} > > Note that the passwd program uses getlogin() to determine who you are
} > > and passes that to getpwnam().
} >
} > Yes. I just don't think it should use getlogin() -- especially since "su
} > -l" only "simulates" login and doesn't setlogin().
} >
} > > } Also what about the regression? Before PAM (I think), it used to display:
} > > } "Changing local password for ..."
} > >
} > >      Ignoring the nitpick that the password may not be local, I'll add
} > > this message.
} 
} I ran into this problem yesterday. As Jeremy described, the
} password of the previous user has been changed, not the one of root.
} This happened on 4.99.25. Also the proposed changes to passwd by

     This is correct, it is how it is supposed to behave.

} printing out "Changing local password for..." seems to be missing. The

     This was done on May 6th.  See below...

} different behaviour of passwd after su'ing down to root in contrast to
} the other BSDs is also confusing.

     As a long time UNIX admin, I would consider any other behaviour to
be confusing and a violation of POLA (Policy Of Least Astonishment).

revision 1.4
date: 2007/05/06 09:19:44;  author: jnemeth;  state: Exp;  lines: +4 -2
Display a message indicating whose password is being changed, as per
Jeremy Reed on tech-userlevel.

ultra: {605} cvs diff -u -r 1.3 -r 1.4 pam_passwd.c
Index: pam_passwd.c
===================================================================
RCS file: /cvsroot/src/usr.bin/passwd/pam_passwd.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- pam_passwd.c	26 Feb 2005 07:19:25 -0000      1.3
+++ pam_passwd.c	6 May 2007 09:19:44 -0000	1.4
@@ -1,4 +1,4 @@
-/*     $NetBSD: pam_passwd.c,v 1.3 2005/02/26 07:19:25 thorpej Exp $   */
+/*     $NetBSD: pam_passwd.c,v 1.4 2007/05/06 09:19:44 jnemeth Exp $   */

 /*-
  * Copyright (c) 2002 Networks Associates Technologies, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nect
ar Exp $");
 CSID("$NetBSD: pam_passwd.c,v 1.3 2005/02/26 07:19:25 thorpej Exp $");
+__RCSID("$NetBSD: pam_passwd.c,v 1.4 2007/05/06 09:19:44 jnemeth Exp $");
 #endif

 #include <sys/param.h>
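Review bot: the context in this hunk is damaged as posted. The __FBSDID line is wrapped after "nect", and the 1.3 ID line appears as " CSID(" with a context marker, although the log entry says "lines: +4 -2" and the diff shows only one removed line. Resend the diff unwrapped (or as an attachment) so it applies cleanly and so it is clear the old 1.3 ID string is replaced by the added __RCSID line rather than kept alongside it.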
@@ -98,6 +98,8 @@
                /* NOTREACHED */
        }

+       (void)printf("Changing password for %s.\n", username);
+
        /* initialize PAM -- always use the program name "passwd" */
        pam_err = pam_start("passwd", username, &pamc, &pamh);
        pam_check("unable to start PAM session");
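Review bot: the added printf runs before pam_start() and pam_check("unable to start PAM session"), so when PAM initialisation fails the user is first told "Changing password for <name>." and then gets an error. Moving the printf below the pam_check() call would print it only once the change can actually proceed. Since the thread notes that the name comes from getlogin() and that su does not call setlogin(), this message is the user's only cue for which account is affected; a one-line comment above it saying so would help the next reader.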

}-- End of excerpt from "Zafer Aydogan"
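
The getlogin()-then-getpwnam() lookup discussed in this thread, set beside a uid-based lookup, as an added example that is not part of the original message or of NetBSD's passwd source. resolve_targets() and struct target are hypothetical names, and getpwuid() on the real uid is an assumption about what a uid-based tool would do.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper type: the account each lookup strategy selects. */
struct target {
	char by_login[64];	/* login name -> getpwnam(), as the thread describes */
	char by_uid[64];	/* getpwuid(uid): assumed uid-based alternative */
};

/* Copy the resolved name at once (the passwd entry lives in static storage),
 * or store an empty string when the lookup failed. */
static void set_name(char *dst, size_t len, const struct passwd *pw)
{
	(void)snprintf(dst, len, "%s", pw != NULL ? pw->pw_name : "");
}

/*
 * Resolve both candidates.  login_name is a parameter so a caller can pass
 * getlogin() or a fixed name.  Returns 1 when the lookups name different
 * accounts (the "su, then passwd" case), 0 when they agree, and -1 when
 * either lookup fails (no login name, or no passwd entry).
 */
int resolve_targets(const char *login_name, uid_t uid, struct target *t)
{
	set_name(t->by_login, sizeof(t->by_login),
	    login_name != NULL ? getpwnam(login_name) : NULL);
	set_name(t->by_uid, sizeof(t->by_uid), getpwuid(uid));
	if (t->by_login[0] == '\0' || t->by_uid[0] == '\0')
		return -1;
	return strcmp(t->by_login, t->by_uid) != 0;
}

int main(void)
{
	struct target t;
	int r = resolve_targets(getlogin(), getuid(), &t);

	(void)printf("by login name: '%s'\nby real uid:   '%s'\n",
	    t.by_login, t.by_uid);
	if (r == 1)
		puts("lookups disagree: a login-name-based passwd acts on the first");
	else if (r == -1)
		puts("one lookup failed (no login name or no passwd entry)");
	return 0;
}
```

Run from a shell obtained with su, the two lines show which account each lookup would pick.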