ALT Linux Bugzilla – Full Text Bug Listing
| Summary: | passwd without username changes password for another user under su - | ||
|---|---|---|---|
| Product: | Sisyphus | Reporter: | Ivan Zakharyaschev <imz> |
| Component: | passwd | Assignee: | Dmitry V. Levin <ldv> |
| Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
| Severity: | enhancement | ||
| Priority: | P3 | CC: | ldv, placeholder |
| Version: | unstable | ||
| Hardware: | all | ||
| OS: | Linux | ||
| Bug Depends on: | |||
| Bug Blocks: | 33439 | ||
|
Description
Ivan Zakharyaschev
2017-05-01 12:48:36 MSK
I've checked this on old systems. The behavior is the same. Perhaps, this is not a bug, but an old feature... But the behavior is like I expected (i.e., different from ALT) on a RHEL7.2-clone:
{box} [user@dd1 ~]$ su -
Password:
Last login: Thu Apr 27 18:08:58 MSK 2017 from gateway on pts/1
{box} [root@dd1 ~]# passwd
Changing password for user root.
New password:
{box} [root@dd1 ~]# cat /etc/os-release
NAME="Scientific Linux"
VERSION="7.2 (Nitrogen)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.2"
PRETTY_NAME="Scientific Linux 7.2 (Nitrogen)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:scientificlinux:scientificlinux:7.2:GA"
HOME_URL="http://www.scientificlinux.org//"
BUG_REPORT_URL="mailto:scientific-linux-devel@listserv.fnal.gov"
REDHAT_BUGZILLA_PRODUCT="Scientific Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
REDHAT_SUPPORT_PRODUCT="Scientific Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.2"
{box} [root@dd1 ~]# rpm -qf "$(which passwd)" "$(which su)"
passwd-0.79-4.el7.x86_64
util-linux-2.23.2-26.el7.x86_64
{box} [root@dd1 ~]#
(In reply to comment #1) > I've checked this on old systems. The behavior is the same. Perhaps, this is > not a bug, but an old feature... Yes, quite old. It's the name returned by getlogin(3) and printed by logname(1). From http://openbsd-archive.7691.n7.nabble.com/passwd-without-argument-in-sudo-td274304.html : > when I 'sudo su - ' into a root shell and issue a 'passwd' without a > username > argument, then it does not try to change the passwd for the current user (in > this case root) but for the user from which I issued the 'sudo'. This is because passwd changes the password for the logged in user by default, as returned by the logname system call. You can run the logname command to see that this is not changed when you run su. It's probably worth mentioning this in the passwd manual as it does seem to cause some confusion. -------- But on the RHEL7.2-clone the user reported by logname and the user the password is changed for (root, as expected) are different: {box} [root@dd1 ~]# logname user {box} [root@dd1 ~]# passwd Changing password for user root. New password: {box} [root@dd1 ~]# Such a difference in the behavior between different distributions is confusing, isn't it? But I don't know what a good solution could be... Like here http://lists.suckless.org/hackers/1407/5172.html : "allow passwd without argument, prompt which user password is changed" This was discussed already in the beginning of 2003 -- https://lists.altlinux.org/pipermail/sisyphus/2003-February/238619.html . Perhaps, to avoid confusion, the invocation without an argument should be simply disallowed (for /usr/sbin/passwd, i.e., for root, who can easily change the password for another user by mistake). passwd-1.0.14-alt1 -> sisyphus: Sun Jul 01 2018 Dmitry V. Levin <ldv@altlinux> 1.0.14-alt1 - Refuse to change password for different logged in user by default (closes: #33440). - passwd -d: clarify the meaning of delete option (closes: #34906). - passwd -S: support detection of modern encryption modes (by vt@). |
