Bug 33440 - passwd without username changes password for another user under su -
Summary: passwd without username changes password for another user under su -
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: passwd (show other bugs)
Version: unstable
Hardware: all Linux
: P3 enhancement
Assignee: Dmitry V. Levin
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks: 33439
  Show dependency tree
 
Reported: 2017-05-01 12:48 MSK by Ivan Zakharyaschev
Modified: 2018-07-02 02:05 MSK (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ivan Zakharyaschev 2017-05-01 12:48:36 MSK
The same happens on Sisyphus:


[root@dd2 ~]# rpm -qf "$(which passwd)" "$(which su)"
passwd-1.0.13-alt1.x86_64
su-0.60-alt35.x86_64
[root@dd2 ~]# apt-cache depends passwd | sed -nre 's:^    ::p' | sort -u
control-0.7.6-alt1
glibc-core-6:2.25-alt2
libpam0-1.3.0-alt1
pam-config-1.7.0-alt1
pam0-config-1.7.0-alt1
sh-3.2.57-alt1
tcb-utils-1.1-alt1
[root@dd2 ~]# 

+++ This bug was initially created as a clone of Bug #33439 +++

$ rpm -qf "$(which passwd)" "$(which su)"
passwd-1.0.13-alt1
su-0.60-alt34
$ apt-cache depends passwd | sed -nre 's:^    ::p' | sort -u
control-0.7.6-alt1
glibc-core-6:2.23-alt3
libpam0-1.3.0-alt1
pam0-config-1.7.0-alt1
pam-config-1.7.0-alt1
sh-3.2.57-alt1
tcb-utils-1.1-alt1
$ 

I expect to change the password for root, but passwd without username changes password for another user under "su -":

imz@rollerderby ~ $ su -
Password: 
rollerderby ~ # passwd
passwd: updating all authentication tokens for user imz.

...

(First, I didn't notice that the username is written in the message and couldn't understand what was happening!)
Comment 1 Ivan Zakharyaschev 2017-05-01 12:55:13 MSK
I've checked this on old systems. The behavior is the same. Perhaps, this is not a bug, but an old feature...
Comment 2 Ivan Zakharyaschev 2017-05-01 13:00:15 MSK
But the behavior is like I expected (i.e., different from ALT) on a RHEL7.2-clone:

{box} [user@dd1 ~]$ su -
Password: 
Last login: Thu Apr 27 18:08:58 MSK 2017 from gateway on pts/1
{box} [root@dd1 ~]# passwd
Changing password for user root.
New password: 
{box} [root@dd1 ~]# cat /etc/os-release 
NAME="Scientific Linux"
VERSION="7.2 (Nitrogen)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.2"
PRETTY_NAME="Scientific Linux 7.2 (Nitrogen)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:scientificlinux:scientificlinux:7.2:GA"
HOME_URL="http://www.scientificlinux.org//"
BUG_REPORT_URL="mailto:scientific-linux-devel@listserv.fnal.gov"

REDHAT_BUGZILLA_PRODUCT="Scientific Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
REDHAT_SUPPORT_PRODUCT="Scientific Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.2"
{box} [root@dd1 ~]# rpm -qf "$(which passwd)" "$(which su)"
passwd-0.79-4.el7.x86_64
util-linux-2.23.2-26.el7.x86_64
{box} [root@dd1 ~]#
Comment 3 Dmitry V. Levin 2017-05-01 13:04:09 MSK
(In reply to comment #1)
> I've checked this on old systems. The behavior is the same. Perhaps, this is
> not a bug, but an old feature...

Yes, quite old. It's the name returned by getlogin(3) and printed by logname(1).
Comment 4 Ivan Zakharyaschev 2017-05-01 13:14:21 MSK
From http://openbsd-archive.7691.n7.nabble.com/passwd-without-argument-in-sudo-td274304.html :

> when I 'sudo su - ' into a root shell and issue a 'passwd' without a 
> username 
> argument, then it does not try to change the passwd for the current user (in 
> this case root) but for the user from which I issued the 'sudo'. 

This is because passwd changes the password for the logged in user 
by default, as returned by the logname system call.  You can run 
the logname command to see that this is not changed when you run 
su. 

It's probably worth mentioning this in the passwd manual as it does 
seem to cause some confusion. 

--------

But on the RHEL7.2-clone the user reported by logname and the user the password is changed for (root, as expected) are different: 

{box} [root@dd1 ~]# logname
user
{box} [root@dd1 ~]# passwd
Changing password for user root.
New password: 
{box} [root@dd1 ~]# 

Such a difference in the behavior between different distributions is confusing, isn't it? But I don't know what a good solution could be... Like here http://lists.suckless.org/hackers/1407/5172.html : "allow passwd without argument, prompt which user password is changed"
Comment 5 Ivan Zakharyaschev 2017-05-01 15:53:54 MSK
This was discussed already in the beginning of 2003 -- https://lists.altlinux.org/pipermail/sisyphus/2003-February/238619.html .

Perhaps, to avoid confusion, the invocation without an argument should be simply disallowed (for /usr/sbin/passwd, i.e., for root, who can easily change the password for another user by mistake).
Comment 6 Repository Robot 2018-07-02 02:05:01 MSK
passwd-1.0.14-alt1 -> sisyphus:

Sun Jul 01 2018 Dmitry V. Levin <ldv@altlinux> 1.0.14-alt1
- Refuse to change password for different logged in user by default
  (closes: #33440).
- passwd -d: clarify the meaning of delete option (closes: #34906).
- passwd -S: support detection of modern encryption modes (by vt@).