From owner-freebsd-bugs  Mon Jun 17 13:15:12 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6032637B41F
	for <freebsd-bugs@hub.freebsd.org>; Mon, 17 Jun 2002 13:14:49 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g5HKA2Z20215;
	Mon, 17 Jun 2002 13:10:02 -0700 (PDT)
	(envelope-from gnats)
Date: Mon, 17 Jun 2002 13:10:02 -0700 (PDT)
Message-Id: <200206172010.g5HKA2Z20215@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Subject: Re: misc/39382: Passwd will not work when root su's into a user.
Reply-To: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/39382; it has been noted by GNATS.

From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: "Simon 'corecode' Schubert" <corecode@corecode.ath.cx>
Cc: Dan Mahoney <freebsdbugs@gushi.org>,
	<freebsd-gnats-submit@FreeBSD.ORG>
Subject: Re: misc/39382: Passwd will not work when root su's into a user.
Date: Mon, 17 Jun 2002 16:02:15 -0400 (EDT)

 On Mon, 17 Jun 2002, Simon 'corecode' Schubert wrote:
 
 > On Sun, 16 Jun 2002 15:48:05 -0700 (PDT) Dan Mahoney wrote:
 > > >Description:
 > >       When root su's down to another account, even using -l to
 > >       simulate a full login, they are unable to try to use passwd (as
 > >       the user) to change their password, because passwd apparently
 > >       checks realuid, and not effectiveuid.  This also breaks usermin,
 > >       which runs as a normal user, and has a password change module
 > >       that uses passwd.
 
 Okay, so then shouldn't su -l do a setlogin()?
 
 -Dan Mahoney
 
 >
 > this is not true. it cannot check the effective id because this is
 > always changed to 0 (suid root!).
 > passwd(1) checks the login name with getlogin(). this is the only one
 > and true[tm] way to support different accounts with the same UID (for
 > example personalized root accounts etc).
 > besides, su'ing only to change a passwd seems overkill.
 >
 > cheerz
 >   simon
 >
 >
 
 --
 
 "You're a thucking reyer!"
 
 -Richard Bozzello, who believed tongue piercing was painless.
 
 --------Dan Mahoney--------
 Techie,  Sysadmin,  WebGeek
 Gushi on efnet/undernet IRC
 ICQ: 13735144   AIM: LarpGM
 Web: http://prime.gushi.org
 finger danm@prime.gushi.org
 for pgp public key and tel#
 ---------------------------
 
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message