On Sat, Dec 31, 2005 at 01:51:53PM +0000, Adam Gleave wrote:
> I've searched the archives and (re)read the man page of useradd, but I
> can't understand why the -p option exists. To me, I can see no way of
> using it safely (securely) as it can display on the process listing.
>
> Admittedly, there might be some use for it that I haven't thought of -
> but in it's current form it seems far to easy to reveal a passwd hash;
> the only application I can think of is when no one other than trusted
> users have access to the process listing.
>
> Despite that, I think it would be better - although less clean - to have
> the pasword passwed on stdin.
>
> So, my question is: why is it like it currently is?
I wouldn't be all that surprised if this was in the POSIX specs.
Joachim
