OK, I found one clue: lots and lots of commands are implemented in the NAS via busybox. but some of the 'normal' versions of these commands actually need to run "as root", such as 'passwd' and 'su' (so an ordinary user can change their own password while changing passwords is normally something only root can do); for this, there is a special property 'suid' for executables which allows them to run "as root" rather than as the user who runs the command. Only by applying 'suid' to busybox van 'su' and 'passwd' (etc.) be run by *other* users than root. Confirmation of my theory: https://bugs.archlinux.org/task/25999 #NAS