[Adduser-devel] Bug#308881: --disabled-password writes ! in /etc/shadow
Shaul Karl
Shaul Karl <shaulk@013.net>, 308881@bugs.debian.org
Fri, 13 May 2005 20:49:29 +0300
On Fri, May 13, 2005 at 01:43:25PM +0200, Marc Haber wrote:
> --system always uses --disabled-login implicitly. This is clearly
> documented.
>
> > Is that the intended behavior?
>
> For system users, yes.
>
> > In this case there is no distinction between
> > --{disabled-password,disabled-login}, is there?
>
> For system users, there isn't.
This is not clearly documented. I propose the following:
--- adduser.8 2005-05-13 13:37:10.000000000 +0300
+++ adduser.8 2005-05-13 20:33:33.000000000 +0300
@@ -177,8 +177,10 @@
her account until the password is set.
.TP
.B \-\-disabled-password
-Like \-\-disabled-login, but logins are still possible for example through
-SSH RSA keys, but not using password authentication.
+For a normal user, this is like \-\-disabled-login, but logins are still
+possible for example through SSH RSA keys, but not using password
+authentication. For a system user, \-\-disabled-password has the same
+effect as \-\-disabled-login.
.TP
.B \-\-force\-badname
By default, user and group names are checked against a configurable
>
> > The way I interpret the OPTIONS sections of the man page,
> > --disabled-login should have a stronger effect then --disabled-password:
>
> Yes, for normal users.
>
> > Shouldn't --disabled-login use '!' and --disabled-password use '*'?
>
> It does. For normal users.
>