An install document I'm following instructs to add a user like so:
sudo adduser --disabled-login --gecos 'GitLab' git
The --disabled-login
flag is absent from most man pages I have searched.
I've made two users, one with the --disabled-login
(foo
), and one without (git
).
As far as I can tell the --disabled-login
flag does nothing. I can still su
to both users, and both use /bin/bash
as their login shell.
The only difference I can see is getent passwd
has extra commas before the home folder on the user that has login's disabled. There is no documentation that I can find to indicate what this would mean.
root@gitlab:~# getent passwd git
git:x:998:998:GitLab:/home/git:/bin/bash
root@gitlab:~# getent passwd foo
foo:x:1001:1002:GitLab,,,:/home/foo:/bin/bash
UPDATE #1
I've found another difference, one user has a *
as their password, the other has !
:
root@gitlab:~# getent shadow git
git:*:15998::::::
root@gitlab:~# getent shadow foo
foo:!:15998:0:99999:7:::
What exactly does --disabled-login
do on Ubuntu?
Best Answer
The explanation is not well documented.
--disabled-login sets the password to
!
Password values
Examples
wikipedia briefly covers this. It appears that * and ! effectively do the same thing; prevent the user from logging in (but not from su'ing from a different user)