[PATCH] bug #10981: adduser -D behavior
kryn at in2p3.fr
Wed Feb 12 11:07:37 UTC 2020
Le 11/02/2020 à 15:36, Eli Schwartz a écrit :
> On 2/11/20 8:13 AM, Donovan Keohane wrote:
>> In adduser in coreutils, the behavior of --disabled-password sets the
>> users hash in /etc/shadow to a single asterisk. It looks like busybox
>> adduser '-D' option is supposed to be analogous to the behavior of
>> coreutils '--disabled-password'.
> There is no coreutils "adduser" utility. util-linux does provide a
> "useradd" utility, but it does not have any --disabled-password option.
> On my Arch Linux system I cannot find any package which provides an
> "adduser" utility at all, except for busybox which provides some
> nonstandard applet in its multi-call binary, something the usual
> repository search tool cannot pick up.
> I would have expected busybox adduser -D (why does this exist in a form
> so different from the useradd command? At least it doesn't share the
> same name, that would be confusing... then again I guess that is why the
> unusual name) to do exactly what it I guess does, that is to say, it
> disables the feature of automatically prompting for a password, which
> means you will need to manually "passwd"/"chpasswd" in order to login.
> This emulates the default behavior of util-linux useradd, which creates
> an account with a disabled password, and expects you to passwd and
> change it.
> Is there a problem with this behavior?
FYI, there has been for decades an adduser in Debian which is
higher level than useradd in the sense that it is a helper for admin.
It enforces local policy and can be used to change it: minimum userid,
default group, etc.
More information about the busybox