[PATCH] bug #10981: adduser -D behavior

Donovan Keohane donovan.keohane at gmail.com
Tue Feb 11 13:13:55 UTC 2020

In adduser in coreutils, the behavior of --disabled-password sets the
users hash in /etc/shadow to a single asterisk. It looks like busybox
adduser '-D' option is supposed to be analogous to the behavior of
coreutils '--disabled-password'.

loginutils/adduser.c:171 @ bd8b05ba1
`                "disabled-password\0"   No_argument       "D"

However, as it stands, busybox's adduser '-D' will set the hash to denote
the account is locked. I think because of this issue, and the
that can be drawn from an account being locked, the default hash should be


diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index d3c795afa..c3929ad20 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -263,7 +263,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
          * 8. unix date when login expires (i.e. when it may no longer be
         /* fields:     2 3  4 5     6 78 */
-       p = xasprintf("!:%u:0:99999:7:::", (unsigned)(time(NULL)) /
+       p = xasprintf("*:%u:0:99999:7:::", (unsigned)(time(NULL)) /
         /* ignore errors: if file is missing we suppose admin doesn't want
it */
         update_passwd(bb_path_shadow_file, pw.pw_name, p, NULL);

Donovan Keohane
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20200211/7f8f3690/attachment.html>

More information about the busybox mailing list