On 24/03/2025 at 20:29, Cyril Brulebois wrote:

Oh wow, that's indeed badly broken, and will need fixing before the next
release. Reproduced locally with a 'û' in my last name:

     Mar 24 19:17:59 finish-install: info: Running 
/usr/lib/finish-install.d/06user-setup
     Mar 24 19:17:59 user-setup: Shadow passwords are now on.
     Mar 24 20:17:59 chpasswd[8387]: pam_unix(chpasswd:chauthtok): password 
changed for root
     Mar 24 19:17:59 user-setup: invalid characters in Cyril 
Br\x{fffd}\x{fffd}lebois at /usr/share/perl5/Debian/AdduserCommon.pm line 141.
(...)
No feedback during the installation process, just silent failure to
create the user. :(

Looping in adduser people for awareness and maybe tips. A quick look at
adduser.git suggests sanitation got added end 2024/beginning 2025…

If adduser exists in the target system then user-setup runs

  adduser --disabled-password --gecos "$fullname" "$user" || true

else it runs

  useradd -c "$fullname" -m "$user" || true

What is the advantage of calling adduser instead of useradd ?

IIUC adduser's new sanitation regex for the 'comment' (ex-gecos) value) is defined by:

  commentre => qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/

It looks like only ASCII characters are allowed. Oddly, adduser allows non ASCII characters in interactive mode. useradd does not seem to have such restriction for -c.

Possible options may include:
- align adduser's comment sanitation regex on useradd
- make user-setup have the same restriction on the full name as adduser (it currently does not seem to have any)
- make user-setup always call useradd

PS: Why are user settings collected early in the installation process (before partitioning) even though they are written out at the end ?

Reply via email to