Package: passwd Version: 1:4.4-4.1 Severity: normal Dear Maintainer,
Debian has 3 default values for login shells for newly created user accounts. There should be only one, and one that does not lead to weird behavior. These are the three variants: 1) /bin/bash 2) /bin/sh 3) '' (the empty string) Option 1) is the result when the new user account is created with the program `adduser`. Option 2) is a possible result according to the documentation of `useradd`, but it is not actually possible. Option 3) is the result when the new user account is created with the program `useradd`. Related bugs: * #892098 "passwd: useradd in Jessie creates user with empty string as shell" Issue #892098 is discussed here as well, but in a larger context. * #897028 "passwd: typo in comment in file /etc/default/useradd" Issue #897028 would be fixed by implementing suggested fix 3) detailed below. The relevant information and documentation excerpts: useradd is part of package `passwd`. Documentation for the option `--shell` from the `useradd` man page: ~~ The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default. ~~ Relevant snippet from `/etc/default/useradd`: ~~ # The SHELL variable specifies the default login shell on your # system. # Similar to DHSELL in adduser. However, we use "sh" here because # useradd is a low level utility and should be as general # as possible SHELL=/bin/sh ~~ adduser is part of package `adduser`. Documentation for the option `--shell` from the `adduser` man page: ~~ Use SHELL as the user's login shell, rather than the default specified by the configuration file. ~~ >From the `adduser.conf` man page: ~~ DSHELL The login shell to be used for all new users. Defaults to /bin/bash. ~~ Suggested fixes (mostly independent of each other): 1) Update the section quoted above from the useradd man page, since it's logically impossible for a default value to be "A or B" (where A is "the SHELL variable in /etc/default/useradd" and B is "an empty string"). 2) Never user the empty string as the default shell. This causes weird problems for any login shell process of a user whose login shell is the empty string. 3) Have just one configuration file where the default shell is defined. Good places for this include: `/etc/default/useradd` or `/etc/adduser.conf`. Update the man pages `useradd`, `adduser`, `adduser.conf` and the comments in `/etc/default/useradd` and `/etc/adduser.conf` to document this behavior. -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-7-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages passwd depends on: ii libaudit1 1:2.6.7-2 ii libc6 2.24-11+deb9u3 ii libpam-modules 1.1.8-3.6 ii libpam0g 1.1.8-3.6 ii libselinux1 2.6-3+b3 ii libsemanage1 2.6-2 passwd recommends no packages. passwd suggests no packages. -- no debconf information