[PATCH] bug #10981: adduser -D behavior

Donovan Keohane donovan.keohane at gmail.com
Wed Feb 12 11:48:12 UTC 2020


My apologies on the coreutils misnomer, adduser is provided by package
'adduser'
in the Debian repos at least. There is not a direct issue with the
functional behavior of Busybox's adduser, it does properly skip the
password prompt and create an account with a disabled password.

The issue lies in the symbolic meaning of '!' versus '*'. While both are
valid characters to create an impossible hash, '!' is used by 'passwd' to
denote a locked account. I don't think accounts with a disabled password
should be locked by default.

On 2/11/20 9:36 AM, Eli Schwartz wrote:
> On 2/11/20 8:13 AM, Donovan Keohane wrote:
>> In adduser in coreutils, the behavior of --disabled-password sets the
>> users hash in /etc/shadow to a single asterisk. It looks like busybox
>> adduser '-D' option is supposed to be analogous to the behavior of
>> coreutils '--disabled-password'.
>
> There is no coreutils "adduser" utility. util-linux does provide a
> "useradd" utility, but it does not have any --disabled-password option.
> On my Arch Linux system I cannot find any package which provides an
> "adduser" utility at all, except for busybox which provides some
> nonstandard applet in its multi-call binary, something the usual
> repository search tool cannot pick up.
>
> I would have expected busybox adduser -D (why does this exist in a form
> so different from the useradd command? At least it doesn't share the
> same name, that would be confusing... then again I guess that is why the
> unusual name) to do exactly what it I guess does, that is to say, it
> disables the feature of automatically prompting for a password, which
> means you will need to manually "passwd"/"chpasswd" in order to login.
> This emulates the default behavior of util-linux useradd, which creates
> an account with a disabled password, and expects you to passwd and
> change it.
>
> Is there a problem with this behavior?
>
>
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20200212/36fe7323/attachment.html>


More information about the busybox mailing list