[Adduser-devel] Bug#308881: --disabled-password writes ! in /etc/shadow

Marc Haber <mh+debian-packages@zugschlus.de>, 308881@bugs.debian.org
Sat, 14 May 2005 01:45:29 +0200


On Fri, May 13, 2005 at 08:49:29PM +0300, Shaul Karl wrote:
> On Fri, May 13, 2005 at 01:43:25PM +0200, Marc Haber wrote:
> > --system always uses --disabled-login implicitly. This is clearly
> > documented.
> > 
> > > Is that the intended behavior?
> > 
> > For system users, yes.
> > 
> > > In this case there is no distinction between
> > > --{disabled-password,disabled-login}, is there?
> > 
> > For system users, there isn't.
> 
> 
>   This is not clearly documented.

I beg to differ

|   Add a system user
|       If called with one non-option argument and the --system option, adduser
|       will add a system user. If an user with an uid in the system range  (or
|       if  the  uid  is specified, with that) does already exist, adduser will
|       exit with a warning.
|
|       adduser will choose the first available UID from  the  range specified
|       for  system users in the configuration file.  The UID can be overridden
|       with the --uid option.
|
|       By default, system users are placed in the nogroup group.  To place the
|       new  system  user  in  an  already  existing  group,  use  the --gid or
|       --ingroup options.  To place the new system user in a  new group  with
|       the same ID, use the --group option.
|
|       A home directory is created by the same rules as for normal users.  The
|       new system user will have the shell /bin/false (unless overridden  with
>>>       the --shell option), and have a disabled password.  Skeletal configura-
|       tion files are not copied.

see the marked line.

> I propose the following:
> 
> 
> --- adduser.8	2005-05-13 13:37:10.000000000 +0300
> +++ adduser.8	2005-05-13 20:33:33.000000000 +0300
> @@ -177,8 +177,10 @@
>  her account until the password is set.
>  .TP
>  .B \-\-disabled-password
> -Like \-\-disabled-login, but logins are still possible for example through
> -SSH RSA keys, but not using password authentication.
> +For a normal user, this is like \-\-disabled-login, but logins are still
> +possible for example through SSH RSA keys, but not using password
> +authentication. For a system user, \-\-disabled-password has the same
> +effect as \-\-disabled-login.
>  .TP
>  .B \-\-force\-badname
>  By default, user and group names are checked against a configurable
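
Review bot: The rewritten first sentence under \-\-disabled-password still chains two "but" clauses ("but logins are still possible ... but not using password authentication"), which is hard to parse; something like "logins remain possible, for example through SSH RSA keys, but not through password authentication" would read more cleanly. The added last sentence says that for a system user the option has the same effect as \-\-disabled-login, but it does not say whether key-based logins are then possible, so the reader has to go back to the \-\-disabled-login entry to find out; either state that consequence in the sentence or refer to the "Add a system user" section instead of restating it here.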

This will clutter up the docs with redundant information. I am
strongly opposed.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835