Home / ubuntu / Questions / 615378
Accepted
Fabby
Asked: 2015-04-29 06:21:26 +0800 CST

useradd doesn't allow the user to log on

  • 772

On an Ubuntu 14.04.2 LTS the following command:

adduser fu

and then entering a password bar and just pressing Enter on all other questions, creates a user that allows me to log on and has the following characteristics in /etc/passwd:

fu:x:1002:1002:,,,:/home/fu:/bin/bash

However, doing a:

useradd fu --password bar --groups adm,cdrom,sudo,dip,plugdev,lpadmin --shell /bin/bash --create-home

creates in /etc/passwd

fu:x:1002:1002::/home/fu:/bin/bash

and does not allow me to log on and adding --user-group does not help neither...

As I need useradd (for a docker script) how do I proceed?

P.S. I've had a look at /usr/sbin/adduser already, but as it's perl it's not obvious to me which parameters to add to adduser to have the same functionality as useradd

bash

2 Answers

  1. This might not be working because your password bar is not encrypted. The man page for useradd states:

    The encrypted password, as returned by crypt(3).

    This question on Stack Overflow has a few answers which might help you with your script, as the question asks about adding a user along with a password.

    As the accepted answer was not updated on that question based on user comments, I will reproduce the solution here:

    echo -e "bar\nbar\n" | passwd fu

    That command will change the password for a user fu to bar. The user needs to have been created using useradd, of course.

    Another solution would be to use chpasswd, as the second highest voted answer suggests:

    echo fu:bar | chpasswd

    I have tested both of these solutions, and they both work.

    Edited to remove adduser info and indicate which suggestions from linked question actually work.

    • 2
  2. Best Answer

    Problem #1:

    The commas in the user entry in /etc/passwd are just field separators for user's informations such as "Full Name", "Room Number", "Work Phone" and "Home Phone", so I guess that omitting them is the same as having them with blank fields;

    Problem #2:

    From the Trusty man page for useradd:

    [...]
       -p, --password PASSWORD
           The encrypted password, as returned by crypt(3). The default is to
           disable the password.

           Note: This option is not recommended because the password (or
           encrypted password) will be visible by users listing the processes.

           You should make sure the password respects the system's password
           policy.
[...]

    This means that the password expected by useradd is an already encrypted password (judging from my test through SHA-512): in fact the string passed as an argument to the -p option is written as plain text in /etc/shadow and passwords read from here upon login are expected to be encrypted.

    So the most straightforward solution is to set the password using passwd instead:

    echo -e 'bar\nbar' | passwd fu

    If you can't use passwd, this python command in a subshell as an argument to the -p option should do:

    python -c 'import crypt; print crypt.crypt("bar", "$6$'$(< /dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32)'")'

    Command breakdown:

    python -c 'import crypt; print crypt.crypt("<string>", "$<encryption_type>$<encryption_salt>")'

    *<string> = string to encrypt; <encryption_type> = encryption type; <encryption_salt> = encryption salt

    Crypts a <string> using <encryption type> and <encryption_salt> using the crypt() library call

    In this case:

    • <string> = bar, the password to encrypt
    • <encryption_type> = 6, SHA-512
    • <encryption_salt> = < /dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32, random 32 character string
    • 2