[Adduser-devel] Bug#298883: Re: adduser --system should add users without expire period

Marc Haber Marc Haber <mh+debian-packages@zugschlus.de>, 298883@bugs.debian.org
Sat, 16 Apr 2005 19:12:54 +0200 

retitle #298883 PASS_MAX_DAYS in /etc/login.defs creates expiring system accounts - on hold until #304934 is fixed
thanks

Hi,

On Mon, Mar 21, 2005 at 04:16:41PM +0100, Gerhard Schrenk wrote:
> gandalf:/home/gandalf/gps# useradd -x 99999 testit
> useradd: invalid option -- x
> usage: useradd  [-u uid [-o]] [-g group] [-G group,...] 
>                 [-d home] [-s shell] [-c comment] [-m [-k template]]
>                 [-f inactive] [-e expire ] [-p passwd] name
>        useradd  -D [-g group] [-b base] [-s shell]
>                 [-f inactive] [-e expire ]
> 
> Do you mean useradd -e 99999?

No. I don't know where the -x came from in my mind. But, alas, it
looks like useradd doesn't allow the PASS_MAX_DAYS to be overridden on
the command line, making this bug unfixable within adduser.

I have thus opened a bug against useradd (#304934) to allow this, and will
implement the appropriate option as soon as useradd provides the
needed facility.

> > The only possible fix for _adduser_ would be to ignore PASS_MAX_DAYS
> > for system account creation. Is that what you're suggesting?
> 
> Yes. I think this should be the sane default behaviour for 'adduser --system'.
> Only adduser and adduser.conf is mentioned in debian policy section 9.2.2 (and
> neither useradd nor /etc/login.defs). I suppose you should fix this independant
> of what useradd ist doing. 

Policy 9.2.2 is right - Packages should use adduser to create system
accounts. And this doesn't work right because the useradd backend
isn't sufficiently flexible. 

> But maybe the right thing is to actually fix useradd??

Yes.

> At least its manpage
> does not mention /etc/login.defs.

That sounds like a documentation bug, as the login.defs manpage
clearly says that useradd reads login.defs

> Therefore I have cc'ed its maintainers.

Good ;)

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835