On 2/11/20 3:36 PM, Eli Schwartz wrote:
On 2/11/20 8:13 AM, Donovan Keohane wrote:
In adduser in coreutils, the behavior of --disabled-password sets the
users hash in /etc/shadow to a single asterisk. It looks like busybox
adduser '-D' option is supposed to be analogous to the behavior of
coreutils '--disabled-password'.
Hi,
bb's adduser was implemented and modified to mimic the behavior
that at the time debian's adduser showed for the simple reason
that at least for me using debian it was easier to test it that way.
For more info on debian's adduser see the attached man page.
This is also the reason that some defaults chosen are very
debianish but also sane and fit most of the use cases.
Command line options allow to manage corner cases and
other desired behaviors.
The -D option is more or less a synthesis of this two adduser options
(can't say if they existed both in the past):
--disabled-login
Do not run passwd to set the password. The user won't be able to use her
account until the password is set.
--disabled-password
Like --disabled-login, but logins are still possible (for example using SSH
RSA keys) but not using password authentication.
and it was first introduced with commit:
https://git.busybox.net/busybox/commit/loginutils/adduser.c?id=f0f754aeaf47b416abba8206dd2632cf24bb94a3
in 2003
The default passwd was static const char default_passwd[] = "x" for /etc/passwd
and fprintf(shadow, "%s:!:%ld:%ld:%ld:%ld:::\n" in /etc/shadow if shadow
password support
was enabled.
At that time size did matter and If I recall correctly bb didn't
support long options yet but debian's adduser only had long options
therefore the options were chosen arbitrarily by the developers and stayed
like that for the last 17 years.
Hope this helps.
Ciao,
Tito
There is no coreutils "adduser" utility. util-linux does provide a
"useradd" utility, but it does not have any --disabled-password option.
On my Arch Linux system I cannot find any package which provides an
"adduser" utility at all, except for busybox which provides some
nonstandard applet in its multi-call binary, something the usual
repository search tool cannot pick up.
I would have expected busybox adduser -D (why does this exist in a form
so different from the useradd command? At least it doesn't share the
same name, that would be confusing... then again I guess that is why the
unusual name) to do exactly what it I guess does, that is to say, it
disables the feature of automatically prompting for a password, which
means you will need to manually "passwd"/"chpasswd" in order to login.
This emulates the default behavior of util-linux useradd, which creates
an account with a disabled password, and expects you to passwd and
change it.
Is there a problem with this behavior?
ADDUSER(8)
System Manager's Manual
ADDUSER(8)
NAME
adduser, addgroup - add a user or group to the system
SYNOPSIS
adduser [options] [--home DIR] [--shell SHELL] [--no-create-home] [--uid
ID] [--firstuid ID] [--lastuid ID] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--gecos GECOS] [--add_extra_groups]
user
adduser --system [options] [--home DIR] [--shell SHELL]
[--no-create-home] [--uid ID] [--group | --ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--gecos GECOS] user
addgroup [options] [--gid ID] group
addgroup --system [options] [--gid ID] group
adduser [options] user group
COMMON OPTIONS
[--quiet] [--debug] [--force-badname] [--help|-h] [--version] [--conf
FILE]
DESCRIPTION
adduser and addgroup add users and groups to the system according to
command line options and configuration information in /etc/adduser.conf. They
are friendlier front ends to the low level tools like useradd, groupadd and
usermod programs, by default choosing Debian policy conformant UID and
GID values, creating a home directory with skeletal configuration, running a
custom script, and other features. adduser and addgroup can be run in one
of five modes:
Add a normal user
If called with one non-option argument and without the --system or
--group options, adduser will add a normal user.
adduser will choose the first available UID from the range specified for
normal users in the configuration file. The UID can be overridden with the
--uid option.
The range specified in the configuration file may be overridden with the
--firstuid and --lastuid options.
By default, each user in Debian GNU/Linux is given a corresponding group
with the same name. Usergroups allow group writable directories to be easily
maintained by placing the appropriate users in the new group, setting the
set-group-ID bit in the directory, and ensuring that all users use a
umask of 002. If this option is turned off by setting USERGROUPS to no, all
users' GIDs are set to USERS_GID. Users' primary groups can also be overrid‐
den from the command line with the --gid or --ingroup options to set
the group by id or name, respectively. Also, users can be added to one or more
groups defined in adduser.conf either by setting ADD_EXTRA_GROUPS to 1 in
adduser.conf, or by passing --add_extra_groups on the commandline.
adduser will create a home directory subject to DHOME, GROUPHOMES, and
LETTERHOMES. The home directory can be overridden from the command line with
the --home option, and the shell with the --shell option. The home direc‐
tory's set-group-ID bit is set if USERGROUPS is yes so that any files
created in the user's home directory will have the correct group.
adduser will copy files from SKEL into the home directory and prompt
for finger (gecos) information and a password. The gecos may also be set with
the --gecos option. With the --disabled-login option, the account will be
created but will be disabled until a password is set. The
--disabled-password option will not set a password, but login is still possible
(for example with SSH RSA keys).
If the file /usr/local/sbin/adduser.local exists, it will be executed
after the user account has been set up in order to do any local setup. The
arguments passed to adduser.local are:
username uid gid home-directory
The environment variable VERBOSE is set according to the following rule:
0 if --quiet is specified
1 if neither
--quiet nor --debug is specified
2 if --debug is specified
(The same applies to the variable DEBUG, but DEBUG is deprecated
and will be removed in a later version of adduser.)
Add a system user
If called with one non-option argument and the --system option, adduser
will add a system user. If a user with the same name already exists in the
system uid range (or, if the uid is specified, if a user with that uid al‐
ready exists), adduser will exit with a warning. This warning can be
suppressed by adding --quiet.
adduser will choose the first available UID from the range specified
for system users in the configuration file (FIRST_SYSTEM_UID and
LAST_SYSTEM_UID). If you want to have a specific UID, you can specify it using
the --uid
option.
By default, system users are placed in the nogroup group. To place the
new system user in an already existing group, use the --gid or --ingroup
options. To place the new system user in a new group with the same ID, use the
--group option.
A home directory is created by the same rules as for normal users.
The new system user will have the shell /usr/sbin/nologin (unless overridden
with the --shell option), and have logins disabled. Skeletal configuration
files are not copied.
Add a user group
If adduser is called with the --group option and without the --system
option, or addgroup is called respectively, a user group will be added.
A GID will be chosen from the range specified for system GIDS in the
configuration file (FIRST_GID, LAST_GID). To override that mechanism you can
give the GID using the --gid option.
The group is created with no users.
Add a system group
If addgroup is called with the --system option, a system group will be
added.
A GID will be chosen from the range specified for system GIDS in the
configuration file (FIRST_SYSTEM_GID, LAST_SYSTEM_GID). To override that
mechanism you can give the GID using the --gid option.
The group is created with no users.
Add an existing user to an existing group
If called with two non-option arguments, adduser will add an existing
user to an existing group.
OPTIONS
--conf FILE
Use FILE instead of /etc/adduser.conf.
--disabled-login
Do not run passwd to set the password. The user won't be able to
use her account until the password is set.
--disabled-password
Like --disabled-login, but logins are still possible (for example
using SSH RSA keys) but not using password authentication.
--force-badname
By default, user and group names are checked against the
configurable regular expression NAME_REGEX specified in the configuration file.
This option forces adduser and addgroup to apply only a weak check for validity
of the name. NAME_REGEX is described in adduser.conf(5).
--gecos GECOS
Set the gecos field for the new entry generated. adduser will
not ask for finger information if this option is given.
--gid ID
When creating a group, this option forces the new groupid to be
the given number. When creating a user, this option will put the user in that
group.
--group
When combined with --system, a group with the same name and ID
as the system user is created. If not combined with --system, a group with the
given name is created. This is the default action if the program is in‐
voked as addgroup.
--help Display brief instructions.
--home DIR
Use DIR as the user's home directory, rather than the default
specified by the configuration file. If the directory does not exist, it is
created and skeleton files are copied.
--shell SHELL
Use SHELL as the user's login shell, rather than the default
specified by the configuration file.
--ingroup GROUP
Add the new user to GROUP instead of a usergroup or the default
group defined by USERS_GID in the configuration file. This affects the users
primary group. To add additional groups, see the add_extra_groups option.
--no-create-home
Do not create the home directory, even if it doesn't exist.
--quiet
Suppress informational messages, only show warnings and errors.
--debug
Be verbose, most useful if you want to nail down a problem with
adduser.
--system
Create a system user or group.
--uid ID
Force the new userid to be the given number. adduser will fail
if the userid is already taken.
--firstuid ID
Override the first uid in the range that the uid is chosen from
(overrides FIRST_UID specified in the configuration file).
--lastuid ID
Override the last uid in the range that the uid is chosen from (
LAST_UID )
--add_extra_groups
Add new user to extra groups defined in the configuration file.
--version
Display version and copyright information.
EXIT VALUES
0 The user exists as specified. This can have 2 causes: The user
was created by adduser or the user was already present on the system before
adduser was invoked. If adduser was returning 0 , invoking adduser a second
time with the same parameters as before also returns 0.
1 Creating the user or group failed because it was already
present with other UID/GID than specified. The username or groupname was
rejected because of a mismatch with the configured regular expressions, see ad‐
duser.conf(5). Adduser has been aborted by a signal.
Or for many other yet undocumented reasons which are printed to
console then. You may then consider to remove --quiet to make adduser more
verbose.
FILES
/etc/adduser.conf
Default configuration file for adduser and addgroup
/usr/local/sbin/adduser.local
Optional custom add-ons.
SEE ALSO
adduser.conf(5), deluser(8), groupadd(8), useradd(8), usermod(8), Debian
Policy 9.2.2.
COPYRIGHT
Copyright (C) 1997, 1998, 1999 Guy Maor. Modifications by Roland
Bauerschmidt and Marc Haber. Additional patches by Joerg Hoh and Stephen Gran.
Copyright (C) 1995 Ted Hajek, with a great deal borrowed from the
original Debian adduser
Copyright (C) 1994 Ian Murdock. adduser is free software; see the GNU
General Public Licence version 2 or later for copying conditions. There is no
warranty.
Debian GNU/Linux
Version 3.118
ADDUSER(8)
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
