From Bugzilla Helper: User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.16-22 i686) When running the adduser script on Redhat 6x or 7x with shadow password support enabled, if the -p flag is used to specify a password on the command line, the plain text of the password is inserted into the /etc/shadow file instead of the MD5 hash. Runing passwd <user> fixes the problem, so the problem is probably in the adduser utility and not in the shadow password mechanism. Happens on i386 an Alpha. Reproducible: Always Steps to Reproduce: 1.Run "adduser -u xxx -g yyy -d /home/zzz -s /bin/bash -p <password> <newuser>" 2.grep <newuser> /etc/shadow 3.passwd <newuser> will correct the problem Actual Results: /etc/shadow contains the plaintext following <password> Expected Results: /etc/shadow would contain the MD5 encrypted password Only root can read /etc/shadow, but this suggests that the adduser script is not working properly with the shadow password option.
Not to be blunt but: Please see: bug 19256 bug 4035 bug 7660 and the adduser man page, which (if you have a recent version) will state that -p adds the *encrypted* password, ie *you* are meant to encrypt it. There is good reason behind this, as the command line is visable to all users it would be a pity for sombody to just have to run 'ps -ax' to find out other users new passwords.... BTW, there are updates and bugs related to this behaviour described in bug 7476 and bug 8923