Re: two questions about su(1)

From: Dag-Erling_Smørgrav <des_at_FreeBSD.org>
Date: Thu, 26 Jun 2025 16:21:07 UTC
Paul Vixie <paul@redbarn.org> writes:
> first, why is the -c check not applied until after a password is collected?

You don't know who the target user is until after you've completed the
PAM conversation, because PAM can translate user names.

>> ➜  ~ su -c zsh

This means “switch credentials to the root user but with the login class
set to zsh instead of the root user's normal login class, then run the
root user's shell”.  I suspect you actually meant “switch credentials to
the root user, then run zsh”, which is written `su root -c zsh` (here
the `-c zsh` part is not interpreted by su, but added to the shell's
command line).

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org
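
The parsing distinction described in the message above, as an added example that is not part of the original message and is not FreeBSD's su source. It is a simplified model: the function name `parse_su_args`, the option letters `c:flms`, the default target `root`, and the sample names `staff` and `alice` are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model of how su(1) splits its command line (illustrative only).
# Options that appear BEFORE the login name belong to su; everything AFTER
# the login name is handed to the target user's shell untouched.
# Prints: class=<login class> login=<target user> shell_args=<rest>
parse_su_args() {
    class=""
    login="root"               # assumed default target when no login is given
    OPTIND=1                   # reset so the function can be called repeatedly
    # getopts stops at the first non-option word, which is the login name.
    while getopts "c:flms" opt "$@"; do
        case "$opt" in
            c) class="$OPTARG" ;;   # here -c names a login class, not a command
            f|l|m|s) ;;             # other su flags, not relevant to this model
            *) return 2 ;;          # unknown option
        esac
    done
    shift $((OPTIND - 1))
    if [ "$#" -gt 0 ]; then
        login="$1"                  # first operand is the target user
        shift
    fi
    # Whatever remains is appended to the shell's command line.
    printf 'class=%s login=%s shell_args=%s\n' "$class" "$login" "$*"
}

# "su -c zsh": zsh is consumed as the login class, nothing reaches the shell.
parse_su_args -c zsh
# "su root -c zsh": parsing stops at "root", so "-c zsh" goes to root's shell.
parse_su_args root -c zsh
```

When auditing sudoers-style wrappers or scripts that call su, the same split decides whether a `-c` argument is a login class or a command string.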