This isn't a bug per se, more of an incongruity in how security-centric tools work wrt root, specifically doas and chroot/su/other:

joe@drogo$ doas -s
drogo# doas -u chohag -s
doas (root@drogo) password:
doas: Authorization failed
drogo# chroot -u chohag /
drogo$ ^D
drogo# su -l chohag
drogo$ ^D

Obviously a little one-liner or tiny C app could achieve the same result too.

I assume this is more or less known, since each tool is working to its designed spec, so is the above ultimately the desired behaviour? Should doas ask even for root's password while myriad other ways of obtaining any user ID do and probably always will exist?

On some servers root doesn't have a password.

Matthew