On Wed, Jan 07, 2026 at 01:48:17PM +0100, Marc Haber wrote:
On Wed, Jan 07, 2026 at 01:25:32PM +0100, Chris Hofstaedtler wrote:
Don't get me wrong... in /etc/shadow directly: sure.
But in the input to chpasswd? That seems a bit weird to me?
chpasswd(8) says
-e, --encrypted
Supplied passwords are in encrypted form.
... which doesn't say much :-)
I think that chpasswd should not try to be smarter than its user at
this point. But *shrug*
I have thought about this detached from adduser. chpasswd is documented
as a tool for "batch operations". So it makes perfect sense to generate
a batch of users to have their passwords changed and to disable user
accounts from the same batch without having to special case the lock
operation other then in generating the batch input file.
Also it is a nightmare in error processing to find out which line of
input chpasswd didn't like.
I hope that upstream will change their mind and allow "invalid" hashes
to be passed to chpasswd to disable an account.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
