`adduser --disabled-login` 是做什么的？

解释没有很好的记录。

--disabled-login 将密码设置为!

密码值

NP or null = The account has no password
*  = The account is deactivated & locked
!  = The login is deactivated, user will be unable to login
!!  = The password has expired

例子

root@gitlab:~# getent shadow vagrant
vagrant:$6$abcdefghijklmnopqrstuvwxyz/:15805:0:99999:7:::

root@gitlab:~# getent shadow foo
foo:!:15998:0:99999:7:::

root@gitlab:~# getent shadow git
git:*:15998::::::

维基百科简要介绍了这一点。看来 * 和 !有效地做同样的事情；阻止用户登录（但不阻止其他用户的su'ing）

在手册页中对此进行了部分讨论shadow。

摘抄

$ man shadow
...
...
encrypted password
     Refer to crypt(3) for details on how this string is interpreted.

     If the password field contains some string that is not a valid result of 
     crypt(3), for instance ! or *, the user will not be able to use a unix
     password to log in (but the user may log in the system by other means).

     This field may be empty, in which case no passwords are required to 
     authenticate as the specified login name. However, some applications which
     read the /etc/shadow file may decide not to permit any access at all if the
     password field is empty.

     A password field which starts with a exclamation mark means that the 
     password is locked. The remaining characters on the line represent the 
     password field before the password was locked.

取决于您adduser在那里引用的手册页的版本。

摘抄添加用户手册页

--disabled-login
       Do  not  run passwd to set the password.  The user won't be able
       to use her account until the password is set.

--disabled-password
       Like --disabled-login, but logins are still possible (for  exam-
       ple using SSH RSA keys) but not using password authentication.

对所发生情况的更技术性解释可以在代码本身中找到 - 最好、最全面的文档（甚至编译器也能理解它）！

为了禁用密码、 $ask_passwd 和 $disabled_login 设置为 false，导致系统调用usermod -p * $username，有效禁用密码，将其（不是密码，而是哈希值）设置为*。

为了禁用登录， $disabled_login 设置为 true ，导致根本没有设置密码，保持它!（也有效地禁用它）。

该代码可以找到，例如。这里，以及锁定帐户的信息usermod 人。