adduser -D creates a locked account instead of a passwordless account

Tito farmatito at tiscali.it
Fri Nov 8 06:59:14 UTC 2019



On 11/8/19 5:52 AM, Ashen Gunaratne wrote:
> The use of flag '-D' while user account creation seems to disable the created account (analogue of 'passwd -l') instead of simply leaving the account passwordless (analogue of 'passwd -u'). Which I find contrasting against the documentation;
> 
>>     -D              Do not assign a password
> 
> 
> / # busybox --help
> BusyBox v1.28.3 (2018-04-03 20:29:50 UTC) multi-call binary
> 
> / # addgroup -g 1000 alpine \
>     && adduser -u 1000 -s /bin/sh -G alpine -D alpine
> 
> / # cat /etc/shadow | grep alpine
> alpine:!:17651:0:99999:7:::
> 
> / # addgroup -g 1010 ubuntu \
>     && adduser -u 1010 -s /bin/sh -G ubuntu ubuntu
> 
> / # cat /etc/shadow | grep ubuntu
> ubuntu:B8E3g/WNknCBw:17651:0:99999:7:::
> 
> The aforesaid issue has been already submitted to the BusyBox Bug and Patch Tracking System bearing reference 10981.

Hi,

upstream adduser has no short options, but only long options (so busybox is not NOT COMPATIBLE):

        --disabled-login
               Do not run passwd to set the password.  The user won't be able to use her account until the password is set.

        --disabled-password
               Like --disabled-login, but logins are still possible (for example using SSH RSA keys) but not using password authentication.

and at least on debian has no --empty-password at all.

		"home\0"                Required_argument "h"
		"gecos\0"               Required_argument "g"
		"shell\0"               Required_argument "s"
		"ingroup\0"             Required_argument "G"
		"disabled-password\0"   No_argument       "D"
		"empty-password\0"      No_argument       "D"
		"system\0"              No_argument       "S"
		"no-create-home\0"      No_argument       "H"
		"uid\0"                 Required_argument "u"
		"skel\0"                Required_argument "k"

so while the help text -D              Do not assign a password
is somewhat misleading and could eventually be fixed the behavior
of the applet seems acceptable to me except for the use of SSH RSA
which I doubt being supported by busybox.

Just my 0.2 cents.

Ciao,
Tito


More information about the busybox mailing list