Control: tags -1 confirmed thanks On Thu, May 05, 2011 at 06:56:37PM +0100, Matthew Woodcraft wrote: > The adduser manpage in squeeze contains the following: > > --disabled-login > Do not run passwd to set the password. The user won't be able > to use her account until the password is set.
This is used in 73 packages in Debian > --disabled-password > Like --disabled-login, but logins are still possible (for exam‐ > ple using SSH RSA keys) but not using password authentication. 150 Packages in Debian use this. We therefore must not break things for packages. Discussion of historical UNIX behavior does not help us too much. I would suggest making both options do the same, just not setting a password for the newly created account, document this, and emit in the --disabled-login case a warning that logins might still be possible for the account. A NEWS.Debian entry is probably in order. In the future, we might have a new option, for example --no-set-password, and deprecate both old versions of the options. afaics, the code path selected by adduser --system does not honor either option anyway and just does not set a password. If this is true, this should be documented as well. I a not sure whether we should issue a warning if adduser --system --disabled-(password|login) is called. Greetings Marc