Bug#302837: adduser: option disabled-login is suprising

Sun, 03 Apr 2005 01:08:03 -0800 

Package: adduser
Version: 3.63
Severity: normal
Tags: patch


The interaction between the two options that control the content of 
password field, --disabled-login and --disabled-password, is 
currently suprising for the user. From user's point of view, one would 
expect that these two options aren't mutually exclusive. We don't even 
print a warning if we get both, so there are instructions in the net 
that use "--disabled-password --disabled-login" or even 
"--disabled-login --disabled-password", which does not disable logins in 
the current implementation.

Please consider applying the attached patch which makes these two 
options add to each other instead of only the last option taking effect.
In addition, the patch makes the default value of $disabled_login 
explicit so we don't depend on the boolean value of an undefined 
variable, and adds a comment to make it clearer that we depend on 
useradd having set the password string to '!' initially.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.10-1-386
Locale: LANG=fi_FI, LC_CTYPE=fi_FI (charmap=ISO-8859-1)

Versions of packages adduser depends on:
ii  debconf                    1.4.30.11     Debian configuration management sy
ii  passwd                     1:4.0.3-30.10 change and administer password and
ii  perl-base                  5.8.4-8       The Pathologically Eclectic Rubbis

-- debconf information:
* adduser/homedir-permission: true

diff -ur adduser-3.63/adduser adduser-3.63-bothdisabled/adduser
--- adduser-3.63/adduser        2005-03-04 08:36:05.000000000 +0200
+++ adduser-3.63-bothdisabled/adduser   2005-04-03 11:03:56.492547870 +0300
@@ -95,6 +95,7 @@
 $verbose = 1;                  # should we be verbose?
 $allow_badname = 0;            # should we allow bad names?
 $ask_passwd = 1;               # ask for a passwd?
+$disabled_login = 0;           # leave the new account disabled?
 
 $defaults = "/etc/adduser.conf";
 $nogroup_id = getgrnam("nogroup") || 65534;
@@ -157,8 +158,7 @@
                if (!defined($special_shell = shift(@ARGV)));
     } elsif ($arg eq "--disabled-password") {
        $ask_passwd = 0;
-       $disabled_login = 0;
-       } elsif ($arg eq "--disabled-login") {
+    } elsif ($arg eq "--disabled-login") {
        $ask_passwd = 0;
        $disabled_login = 1;
     } elsif ($arg eq "--uid") {
@@ -551,6 +551,8 @@
        }
     }
 
+    # useradd without -p has left the account disabled (password string is '!')
+
     if ($ask_passwd) {
        &systemcall('/usr/bin/passwd', $new_name);
     } else {

Reply via email to