Skip to main content
Unix & Linux

Return to Question

Fix (esp. code) formatting
Source Link
AdminBee
AdminBee
  • 23.6k
  • 25
  • 55
  • 77

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

$ sudo adduser handsm
[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway! My

My policy works fine for existing users who change their password. What What am I missing? FWIW

FWIW, the same problem applies for useradd:

$ sudo passwd test375
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

$ sudo useradd test375
$ sudo passwd test375
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway! My policy works fine for existing users who change their password. What am I missing? FWIW, the same problem applies for useradd:

$ sudo passwd test375
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

$ sudo adduser handsm
[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway!

My policy works fine for existing users who change their password. What am I missing?

FWIW, the same problem applies for useradd:

$ sudo useradd test375
$ sudo passwd test375
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully
Became Hot Network Question
added 238 characters in body
Source Link
machinist
machinist
  • 335
  • 1
  • 3
  • 9

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway! My policy works fine for existing users who change their password. What am I missing? FWIW, the same problem applies for useradd:

$ sudo passwd test375
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway! My policy works fine for existing users who change their password. What am I missing?

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway! My policy works fine for existing users who change their password. What am I missing? FWIW, the same problem applies for useradd:

$ sudo passwd test375
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully
Source Link
machinist
machinist
  • 335
  • 1
  • 3
  • 9

adduser allows weak password - how to prevent?

I want to enforce my password policy to both new users and existing ones, but when I run adduser on Ubuntu 24, it allows me to add a weak password.

[sudo] password for superuser: 
info: Adding user `handsm' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `handsm' (1001) ...
info: Adding new user `handsm' (1001) with group `handsm (1001)' ...
info: Creating home directory `/home/handsm' ...
info: Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 10 characters
Retype new password: 
passwd: password updated successfully

You can see it warning, and then when I repeat the weak password it accepts it anyway! My policy works fine for existing users who change their password. What am I missing?