Hi,
Pascal Hambourg <pas...@plouf.fr.eu.org> wrote (Wed, 26 Mar 2025 20:54:09
+0100):
> On 24/03/2025 at 20:29, Cyril Brulebois wrote:
> >
> > Oh wow, that's indeed badly broken, and will need fixing before the next
> > release. Reproduced locally with a 'û' in my last name:
> >
> > Mar 24 19:17:59 finish-install: info: Running
> > /usr/lib/finish-install.d/06user-setup
> > Mar 24 19:17:59 user-setup: Shadow passwords are now on.
> > Mar 24 20:17:59 chpasswd[8387]: pam_unix(chpasswd:chauthtok): password
> > changed for root
> > Mar 24 19:17:59 user-setup: invalid characters in Cyril
> > Br\x{fffd}\x{fffd}lebois at /usr/share/perl5/Debian/AdduserCommon.pm line
> > 141.
> (...)
> > No feedback during the installation process, just silent failure to
> > create the user. :(
> >
> > Looping in adduser people for awareness and maybe tips. A quick look at
> > adduser.git suggests sanitation got added end 2024/beginning 2025…
>
> If adduser exists in the target system then user-setup runs
>
> adduser --disabled-password --gecos "$fullname" "$user" || true
>
> else it runs
>
> useradd -c "$fullname" -m "$user" || true
>
> What is the advantage of calling adduser instead of useradd ?
When looking at the manpages of these both, it seems as adduser is
preferred over useradd; people are recommended to not use useradd.
Why have the above logic in the installer at all?
useradd looks as some kind of backup... Maybe there may be/were situations,
where adduser package is not installed, but shadow is?
I have tested an install with not selecting anything in tasksel (even
standard was unselected), and both adduser and useradd were installed
in this minimal setup. So useradd seems to be mostly not in use (anymore).
Anyway, it seems that adduser is the program, that's used when this error
occures, not useradd.
> IIUC adduser's new sanitation regex for the 'comment' (ex-gecos) value)
> is defined by:
>
> commentre => qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/
>
> It looks like only ASCII characters are allowed. Oddly, adduser allows
> non ASCII characters in interactive mode. useradd does not seem to have
> such restriction for -c.
>
> Possible options may include:
> - align adduser's comment sanitation regex on useradd
> - make user-setup have the same restriction on the full name as adduser
> (it currently does not seem to have any)
If above sanitation regex is new in adduser, then this choice looks to me
like the way to go.
> - make user-setup always call useradd
>
> PS: Why are user settings collected early in the installation process
> (before partitioning) even though they are written out at the end ?
Holger
--
Holger Wansing <hwans...@mailbox.org>
PGP-Fingerprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076
