[Adduser-devel] Bug#308881: --disabled-password writes ! in /etc/shadow

Shaul Karl Shaul Karl <shaulk@013.net>, 308881@bugs.debian.org
Fri, 13 May 2005 20:49:29 +0300


On Fri, May 13, 2005 at 01:43:25PM +0200, Marc Haber wrote:
> --system always uses --disabled-login implicitly. This is clearly
> documented.
> 
> > Is that the intended behavior?
> 
> For system users, yes.
> 
> > In this case there is no distinction between
> > --{disabled-password,disabled-login}, is there?
> 
> For system users, there isn't.


  This is not clearly documented. I propose the following:


--- adduser.8	2005-05-13 13:37:10.000000000 +0300
+++ adduser.8	2005-05-13 20:33:33.000000000 +0300
@@ -177,8 +177,10 @@
 her account until the password is set.
 .TP
 .B \-\-disabled-password
-Like \-\-disabled-login, but logins are still possible for example through
-SSH RSA keys, but not using password authentication.
+For a normal user, this is like \-\-disabled-login, but logins are still
+possible for example through SSH RSA keys, but not using password
+authentication. For a system user, \-\-disabled-password has the same
+effect as \-\-disabled-login.
 .TP
 .B \-\-force\-badname
 By default, user and group names are checked against a configurable


> 
> >   The way I interpret the OPTIONS sections of the man page,
> > --disabled-login should have a stronger effect then --disabled-password:
> 
> Yes, for normal users.
> 
> >   Shouldn't --disabled-login use '!' and --disabled-password use '*'?
> 
> It does. For normal users.
>