You are not logged in.
I had a strange a unpleasant thing happen to me today. I did, as my non-root user, "su -c backup", where backup is a shell script of my own creation. For some strange reason, su started that backup script before asking for the root password! In my terminal I saw su's password prompt mixed with the output of the beginning of the backup script (which was also a password prompt, but a very different kind, coming from cryptsetup). Clearly the script was actually being run as root, since otherwise, cryptsetup errors out before asking for the password.
If I would have thought more thoroughly, I should have checked which password prompt actually controlled the terminal. As it was, I killed it immediately instead. I've been unable to reproduce it, either with the same command, or a different one. I've haven't changed any of my PAM setup either. There's nothing interesting logged for this event.
Anybody ever see such a thing? What's going on here? Is su getting bit-rotted now that almost every uses sudo instead? This is a major security risk if it can be reproduced.
Offline