From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.16-22 i686)
When running the adduser script on Redhat 6x or 7x with shadow password
support enabled, if the -p flag is used to specify a password
on the command line, the plain text of the password is inserted into
the /etc/shadow file instead of the MD5 hash. Runing passwd <user>
fixes the problem, so the problem is probably in the adduser utility and
not in the shadow password mechanism. Happens on i386 an Alpha.
Steps to Reproduce:
1.Run "adduser -u xxx -g yyy -d /home/zzz -s /bin/bash -p <password>
2.grep <newuser> /etc/shadow
3.passwd <newuser> will correct the problem
Actual Results: /etc/shadow contains the plaintext following <password>
Expected Results: /etc/shadow would contain the MD5 encrypted password
Only root can read /etc/shadow, but this suggests that the adduser
script is not working properly with the shadow password option.
Not to be blunt but:
and the adduser man page, which (if you have a recent version) will state that
-p adds the *encrypted* password, ie *you* are meant to encrypt it.
There is good reason behind this, as the command line is visable to all users it
would be a pity for sombody to just have to run 'ps -ax' to find out other users
BTW, there are updates and bugs related to this behaviour described in bug 7476
and bug 8923