[PATCH] bug #10981: adduser -D behavior

Eli Schwartz eschwartz at archlinux.org
Wed Feb 12 12:27:27 UTC 2020

On 2/12/20 6:48 AM, Donovan Keohane wrote:
> My apologies on the coreutils misnomer, adduser is provided by package
> 'adduser'
> in the Debian repos at least. There is not a direct issue with the
> functional behavior of Busybox's adduser, it does properly skip the
> password prompt and create an account with a disabled password.
> The issue lies in the symbolic meaning of '!' versus '*'. While both are
> valid characters to create an impossible hash, '!' is used by 'passwd' to
> denote a locked account. I don't think accounts with a disabled password
> should be locked by default.

Again: my point is that this is imitating the default behavior of
useradd, with the addendum that it will prompt for a password during
account creation. Do you propose to change the default behavior of the
shadow project's useradd command too?

Eli Schwartz
Arch Linux Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20200212/ecdc589e/attachment.asc>

More information about the busybox mailing list