- from PLD

diff --git a/chage.pamd b/chage.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/chage.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/chfn.pamd b/chfn.pamd
new file mode 100644 (file)
index 0000000..0aa09c4
--- /dev/null
+++ b/chfn.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_listfile.so item=user sense=allow file=/etc/security/chfn.allow onerr=fail
+auth           include         system-auth
+account                include         system-auth
+password       include         system-auth

diff --git a/chgpasswd.pamd b/chgpasswd.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/chgpasswd.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/chpasswd.pamd b/chpasswd.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/chpasswd.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/chsh.pamd b/chsh.pamd
new file mode 100644 (file)
index 0000000..ac578e1
--- /dev/null
+++ b/chsh.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_listfile.so item=user sense=allow file=/etc/security/chsh.allow onerr=fail
+auth           include         system-auth
+account                include         system-auth
+password       include         system-auth

diff --git a/groupadd.pamd b/groupadd.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/groupadd.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/groupdel.pamd b/groupdel.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/groupdel.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/groupmems.pamd b/groupmems.pamd
new file mode 100644 (file)
index 0000000..0aa09c4
--- /dev/null
+++ b/groupmems.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_listfile.so item=user sense=allow file=/etc/security/chfn.allow onerr=fail
+auth           include         system-auth
+account                include         system-auth
+password       include         system-auth

diff --git a/groupmod.pamd b/groupmod.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/groupmod.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/newusers.pamd b/newusers.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/newusers.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/passwd.pamd b/passwd.pamd
new file mode 100644 (file)
index 0000000..6a4fd03
--- /dev/null
+++ b/passwd.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           required        pam_listfile.so item=user sense=deny file=/etc/security/blacklist.passwd onerr=succeed
+auth           include         system-auth
+account                include         system-auth
+password       include         system-auth

diff --git a/shadow-goodname.patch b/shadow-goodname.patch
new file mode 100644 (file)
index 0000000..1fdd84f
--- /dev/null
+++ b/shadow-goodname.patch
@@ -0,0 +1,118 @@
+diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c
+--- shadow-4.1.5.1/libmisc/chkname.c.goodname  2009-07-13 00:24:45.000000000 +0200
++++ shadow-4.1.5.1/libmisc/chkname.c   2012-09-19 18:43:53.492160653 +0200
+@@ -49,20 +49,28 @@
+ static bool is_valid_name (const char *name)
+ {
+       /*
+-       * User/group names must match [a-z_][a-z0-9_-]*[$]
+-       */
+-      if (('\0' == *name) ||
+-          !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
++         * User/group names must match gnu e-regex:
++         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
++         *
++         * as a non-POSIX, extension, allow "$" as the last char for
++         * sake of Samba 3.x "add machine script"
++         */
++      if ( ('\0' == *name) ||
++             !((*name >= 'a' && *name <= 'z') ||
++               (*name >= 'A' && *name <= 'Z') ||
++               (*name >= '0' && *name <= '9') ||
++               (*name == '_') || (*name == '.') 
++            )) {
+               return false;
+       }
+ 
+       while ('\0' != *++name) {
+-              if (!(( ('a' <= *name) && ('z' >= *name) ) ||
+-                    ( ('0' <= *name) && ('9' >= *name) ) ||
+-                    ('_' == *name) ||
+-                    ('-' == *name) ||
+-                    ( ('$' == *name) && ('\0' == *(name + 1)) )
+-                   )) {
++                if (!(  (*name >= 'a' && *name <= 'z') ||
++                        (*name >= 'A' && *name <= 'Z') ||
++                        (*name >= '0' && *name <= '9') ||
++                        (*name == '_') || (*name == '.') || (*name == '-') ||
++                        (*name == '$' && *(name + 1) == '\0') 
++                     )) {
+                       return false;
+               }
+       }
+diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml
+--- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200
++++ shadow-4.1.5.1/man/groupadd.8.xml  2012-09-19 18:43:53.492160653 +0200
+@@ -259,12 +259,6 @@
+    <refsect1 id='caveats'>
+      <title>CAVEATS</title>
+      <para>
+-       Groupnames must start with a lower case letter or an underscore,
+-       followed by lower case letters, digits, underscores, or dashes.
+-       They can end with a dollar sign.
+-       In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+-     </para>
+-     <para>
+        Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+      </para>
+      <para>
+diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8
+--- shadow-4.1.5.1/man/man8/groupadd.8.goodname        2012-05-25 13:58:40.000000000 +0200
++++ shadow-4.1.5.1/man/man8/groupadd.8 2012-09-19 18:44:42.175123079 +0200
+@@ -190,9 +190,7 @@ Shadow password suite configuration\&.
+ .RE
+ .SH "CAVEATS"
+ .PP
+-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+-.PP
+-Groupnames may only be up to 16 characters long\&.
++Groupnames may only be up to 32 characters long\&.
+ .PP
+ You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
+ .PP
+diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8
+--- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200
++++ shadow-4.1.5.1/man/man8/useradd.8  2012-09-19 18:46:09.249033949 +0200
+@@ -224,7 +224,7 @@ is not enabled, no home directories are
+ .PP
+ \fB\-M\fR
+ .RS 4
+-Do no create the user\*(Aqs home directory, even if the system wide setting from
++Do not create the user\*(Aqs home directory, even if the system wide setting from
+ /etc/login\&.defs
+ (\fBCREATE_HOME\fR) is set to
+ \fIyes\fR\&.
+@@ -430,8 +430,6 @@ Similarly, if the username already exist
+ \fBuseradd\fR
+ will deny the user account creation request\&.
+ .PP
+-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+-.PP
+ Usernames may only be up to 32 characters long\&.
+ .SH "CONFIGURATION"
+ .PP
+diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
+--- shadow-4.1.5.1/man/useradd.8.xml.goodname  2012-05-25 13:45:29.000000000 +0200
++++ shadow-4.1.5.1/man/useradd.8.xml   2012-09-19 18:43:53.493160675 +0200
+@@ -366,7 +366,7 @@
+       </term>
+       <listitem>
+         <para>
+-          Do no create the user's home directory, even if the system
++          Do not create the user's home directory, even if the system
+           wide setting from <filename>/etc/login.defs</filename>
+           (<option>CREATE_HOME</option>) is set to
+           <replaceable>yes</replaceable>.
+@@ -654,12 +654,6 @@
+     </para>
+ 
+     <para>
+-      Usernames must start with a lower case letter or an underscore,
+-      followed by lower case letters, digits, underscores, or dashes.
+-      They can end with a dollar sign.
+-      In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+-    </para>
+-    <para>
+       Usernames may only be up to 32 characters long.
+     </para>
+   </refsect1>

diff --git a/shadow-login.defs b/shadow-login.defs
new file mode 100644 (file)
index 0000000..25b4b05
--- /dev/null
+++ b/shadow-login.defs
@@ -0,0 +1,387 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+#      $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+#       pam_unix enforces a 2s delay)
+#
+FAIL_DELAY             3
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+#
+FAILLOG_ENAB           yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB       no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS          no
+
+#
+# Enable logging and display of /var/log/lastlog login time info.
+#
+LASTLOG_ENAB           yes
+
+#
+# Enable checking and display of mailbox status upon login.
+#
+# Disable if the shell startup files already check for mail
+# ("mailx -e" or equivalent).
+#
+MAIL_CHECK_ENAB                yes
+
+#
+# Enable additional checks upon password changes.
+#
+OBSCURE_CHECKS_ENAB    yes
+
+#
+# Enable checking of time restrictions specified in /etc/porttime.
+#
+PORTTIME_CHECKS_ENAB   yes
+
+#
+# Enable setting of ulimit, umask, and niceness from passwd gecos field.
+#
+QUOTAS_ENAB            yes
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB         yes
+SYSLOG_SG_ENAB         yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE                /etc/securetty
+#CONSOLE       console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE    /var/log/sulog
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+MOTD_FILE      /etc/motd
+#MOTD_FILE     /etc/motd:/usr/lib/news/news-motd
+
+#
+# If defined, this file will be output before each login prompt.
+#
+#ISSUE_FILE    /etc/issue
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE  /etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format.
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE      /var/log/btmp
+
+#
+# If defined, name of file whose presence which will inhibit non-root
+# logins.  The contents of this file should be a message indicating
+# why logins are inhibited.
+#
+NOLOGINS_FILE  /etc/nologin
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME                su
+
+#
+# *REQUIRED*
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR       /var/mail
+#MAIL_FILE     .mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE        /etc/hushlogins
+
+#
+# If defined, either a TZ environment parameter spec or the
+# fully-rooted pathname of a file containing such a spec.
+#
+#ENV_TZ                TZ=CST6CDT
+#ENV_TZ                /etc/tzname
+
+#
+# If defined, an HZ environment parameter spec.
+#
+# for Linux/x86
+ENV_HZ         HZ=100
+# For Linux/Alpha...
+#ENV_HZ                HZ=1024
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH     PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ENV_PATH       PATH=/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+#      TTYGROUP        Login tty will be assigned this group ownership.
+#      TTYPERM         Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP       tty
+TTYPERM                0600
+
+#
+# Login configuration initializations:
+#
+#      ERASECHAR       Terminal ERASE character ('\010' = backspace).
+#      KILLCHAR        Terminal KILL character ('\025' = CTRL/U).
+#      ULIMIT          Default "ulimit" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR      0177
+KILLCHAR       025
+#ULIMIT                2097152
+
+# Default initial "umask" value used by login on non-PAM enabled systems.
+# Default "umask" value for pam_umask on PAM enabled systems.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK          022
+
+#
+# Password aging controls:
+#
+#      PASS_MAX_DAYS   Maximum number of days a password may be used.
+#      PASS_MIN_DAYS   Minimum number of days allowed between password changes.
+#      PASS_MIN_LEN    Minimum acceptable password length.
+#      PASS_WARN_AGE   Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS  99999
+PASS_MIN_DAYS  0
+PASS_MIN_LEN   5
+PASS_WARN_AGE  7
+
+#
+# If "yes", the user must be listed as a member of the first gid 0 group
+# in /etc/group (called "root" on most Linux systems) to be able to "su"
+# to uid 0 accounts.  If the group doesn't exist or is empty, no one
+# will be able to "su" to uid 0.
+#
+SU_WHEEL_ONLY  no
+
+#
+# If compiled with cracklib support, where are the dictionaries
+#
+CRACKLIB_DICTPATH      /var/cache/cracklib/cracklib_dict
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN                         1000
+UID_MAX                        60000
+# System accounts
+SYS_UID_MIN              1
+SYS_UID_MAX              999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN                         1000
+GID_MAX                        60000
+# System accounts
+SYS_GID_MIN              10
+SYS_GID_MAX              999
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES          5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT          60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+PASS_CHANGE_TRIES      5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+PASS_ALWAYS_WARN       yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+#PASS_MAX_LEN          8
+
+#
+# Require password before chfn/chsh can make any changes.
+#
+CHFN_AUTH              yes
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT          rwh
+
+#
+# Password prompt (%s will be replaced by user name).
+#
+# XXX - it doesn't work correctly yet, for now leave it commented out
+# to use the default which is just "Password: ".
+#LOGIN_STRING          "%s's Password: "
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB        no
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS                floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME   yes
+
+#
+# If this file exists and is readable, login environment will be
+# read from it.  Every line should be in the form name=value.
+#
+ENVIRON_FILE   /etc/environment
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD   /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+#USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+#CREATE_HOME     yes
+

diff --git a/shadow-pld.patch b/shadow-pld.patch
new file mode 100644 (file)
index 0000000..69836c2
--- /dev/null
+++ b/shadow-pld.patch
@@ -0,0 +1,51 @@
+--- shadow-4.0.6/src/useradd.c 2004-11-18 21:45:00.713398344 +0100
++++ shadow-4.0.16/src/useradd.c        2006-06-08 01:17:05.580340031 +0300
+@@ -72,10 +72,10 @@
+ /*
+  * These defaults are used if there is no defaults file.
+  */
+-static gid_t def_group = 100;
++static gid_t def_group = 1000;
+ static const char *def_gname = "other";
+-static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_home = "/home/users";
++static const char *def_shell = "/sbin/nologin";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_create_mail_spool = "no";
+ 
+@@ -89,7 +89,7 @@
+ #define       VALID(s)        (strcspn (s, ":\n") == strlen (s))
+ 
+ static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+ static uid_t user_id;
+ static gid_t user_gid;
+ static const char *user_comment = "";
+--- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_gid.c  2017-05-17 23:13:32.785253060 +0300
+@@ -61,8 +61,8 @@
+               /* A requested ID is allowed to be below the autoselect range */
+               *preferred_min = (gid_t) 1;
+ 
+-              /* Get the minimum ID range from login.defs or default to 101 */
+-              *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++              /* Get the minimum ID range from login.defs or default to 10 */
++              *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
+ 
+               /*
+                * If SYS_GID_MAX is unspecified, we should assume it to be one
+--- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_uid.c  2017-05-17 23:10:38.366687971 +0300
+@@ -61,8 +61,8 @@
+               /* A requested ID is allowed to be below the autoselect range */
+               *preferred_min = (uid_t) 1;
+ 
+-              /* Get the minimum ID range from login.defs or default to 101 */
+-              *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
++              /* Get the minimum ID range from login.defs or default to 1 */
++              *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+ 
+               /*
+                * If SYS_UID_MAX is unspecified, we should assume it to be one

diff --git a/shadow.spec b/shadow.spec
new file mode 100644 (file)
index 0000000..ab458da
--- /dev/null
+++ b/shadow.spec
@@ -0,0 +1,648 @@
+# TODO
+# - /etc/login.defs contains options valid only when PAM is disabled:
+# gpasswd -M chef_server chef_server
+#configuration error - unknown item 'FAILLOG_ENAB' (notify administrator)
+#configuration error - unknown item 'LASTLOG_ENAB' (notify administrator)
+#configuration error - unknown item 'MAIL_CHECK_ENAB' (notify administrator)
+#configuration error - unknown item 'OBSCURE_CHECKS_ENAB' (notify administrator)
+#configuration error - unknown item 'PORTTIME_CHECKS_ENAB' (notify administrator)
+#configuration error - unknown item 'QUOTAS_ENAB' (notify administrator)
+#configuration error - unknown item 'MOTD_FILE' (notify administrator)
+#configuration error - unknown item 'FTMP_FILE' (notify administrator)
+#configuration error - unknown item 'NOLOGINS_FILE' (notify administrator)
+#configuration error - unknown item 'ENV_HZ' (notify administrator)
+#configuration error - unknown item 'PASS_MIN_LEN' (notify administrator)
+#configuration error - unknown item 'SU_WHEEL_ONLY' (notify administrator)
+#configuration error - unknown item 'CRACKLIB_DICTPATH' (notify administrator)
+#configuration error - unknown item 'PASS_CHANGE_TRIES' (notify administrator)
+#configuration error - unknown item 'PASS_ALWAYS_WARN' (notify administrator)
+#configuration error - unknown item 'CHFN_AUTH' (notify administrator)
+#configuration error - unknown item 'ENVIRON_FILE' (notify administrator)
+# - sync pam files from pwdutils
+# - tcb support?
+# - ensure Conflicts with various packages (util-linux,sysvinit,coreutils) is up to date
+
+# Conditional build:
+%bcond_without selinux         # build without SE-Linux support
+%bcond_with    shared          # build with shared libshadow (linking with selinux is broken)
+
+Summary:       Shadow password file utilities for Linux
+Summary(de.UTF-8):     Shadow-Paßwortdatei-Dienstprogramme für Linux
+Summary(es.UTF-8):     Utilitarios para el archivo de contraseñas Shadow
+Summary(fr.UTF-8):     Fichiers utilitaires pour Shadow password pour Linux
+Summary(pl.UTF-8):     Narzędzia do obsługi mechanizmu ukrytych haseł
+Summary(pt_BR.UTF-8):  Utilitários para o arquivo de senhas Shadow
+Summary(tr.UTF-8):     Gölge parola dosyası araçları
+Name:          shadow
+Version:       4.6
+#BuildRequires:        useradd -g is broken, use pwdutils, or fix it:
+# http://zie.pg.gda.pl/mailman/pipermail/shadow/2006-September/000395.html
+Release:       0.1
+Epoch:         1
+License:       BSD
+Group:         Applications/System
+Source0:       https://github.com/shadow-maint/shadow/releases/download/%{version}/%{name}-%{version}.tar.xz
+# Source0-md5: b491fecbf1232632c32ff8f1437fd60e
+Source2:       %{name}-login.defs
+Source3:       %{name}.useradd
+Source10:      chage.pamd
+Source11:      chfn.pamd
+Source12:      chgpasswd.pamd
+Source13:      chpasswd.pamd
+Source14:      chsh.pamd
+Source15:      groupadd.pamd
+Source16:      groupdel.pamd
+Source17:      groupmems.pamd
+Source18:      groupmod.pamd
+Source19:      newusers.pamd
+Source20:      passwd.pamd
+Source21:      useradd.pamd
+Source22:      userdel.pamd
+Source23:      usermod.pamd
+Patch0:                %{name}-pld.patch
+# allow names with upper case letters or containing dot in the middle
+Patch1:                %{name}-goodname.patch
+URL:           https://github.com/shadow-maint/shadow
+BuildRequires: acl-devel
+BuildRequires: attr-devel
+BuildRequires: audit-libs-devel
+BuildRequires: autoconf >= 2.64
+BuildRequires: automake >= 1:1.11
+BuildRequires: gettext-tools >= 0.12.1
+%{?with_selinux:BuildRequires: libselinux-devel}
+%{?with_selinux:BuildRequires: libsemanage-devel}
+BuildRequires: libtool
+BuildRequires: pam-devel
+BuildRequires: tar >= 1:1.22
+BuildRequires: xz
+Requires:      pam >= 0.99.7.1
+Provides:      passwd
+Provides:      shadow-utils
+Obsoletes:     passwd
+Obsoletes:     pwdutils
+Obsoletes:     shadow-extras
+Obsoletes:     shadow-utils
+Conflicts:     util-linux < 2.12-10
+BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+This package includes the programs necessary to convert standard UNIX
+password files to the shadow password format, as well as programs for
+command-line management of the user's accounts.
+- pwconv - converts everything to the shadow password format,
+- pwunconv - unconverts from shadow password, generating a file in the
+  current directory called npasswd that is a standard UNIX password
+  file,
+- pwck - checks the integrity of the password and shadow files,
+- useradd, userdel, usermod - for accounts management,
+- groupadd, groupdel, groupmod - for group management.
+
+A number of man pages are also included that relate to these
+utilities, and shadow passwords in general.
+
+%description -l es.UTF-8
+Este paquete incluye los programas necesarios para convertir Archivos
+padrón UNIX de contraseña al formato shadow.
+- pwconv5 - convierte todo al formato de contraseñas del shadow,
+- pwunconv - deshace la conversión de contraseñas shadow, creando un
+  archivo en el directorio corriente llamado npasswd que es el archivo
+  padrón UNIX de contraseña,
+- pwck - chequea la integridad de la contraseña y de los archivos
+  shadow,
+
+Están también incluidas, en general, varias páginas de manual sobre
+estos utilitarios y contraseñas shadow.
+
+%description -l pl.UTF-8
+Pakiet zawiera programy do obsługi mechanizmu ukrytych haseł (shadow
+password). Znajdują się w nim programy do konwersji standardowego
+pliku haseł do wersji shadow password a także programy do zarządzania
+kontami użytkowników w systemie:
+- pwconv - konwertuje do formatu shadow password
+- pwunconv - konwertuje z shadow password do formatu standardowego
+  pliku haseł. W bieżącym katalogu tworzy plik npasswd będący
+  standardowym plikiem z hasłami,
+- useradd, userdel, usermod - do zarządzania kontami użytkowników,
+- groupadd, groupdel, groupmod - do zarządzania grupami.
+
+Ostrzeżenie:
+
+Programy znajdujące się w tym pakiecie są niezbędne do prawidłowej
+pracy systemu i podobnie jak pakiet z bibliotekami systemowymi (glibc)
+nigdy nie powinien zostać odinstalowany!
+
+%description -l pt_BR.UTF-8
+Este pacote inclui os programas necessários para converter
+arquivos-padrão UNIX de senha para o formato shadow.
+- pwconv - converte tudo para o formato de senhas do shadow,
+- pwunconv - desconverte senhas shadow, gerando um arquivo no
+  diretório corrente chamado npasswd que é o arquivo-padrão UNIX de
+  senha,
+- pwck - checa a integridade da senha e dos arquivos shadow,
+
+Várias páginas de manual estão também incluídas sobre estes
+utilitários e senhas shadow em geral.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+
+%build
+# NOTE:
+# - cracklib option refers to non-PAM passwd code
+# - skey referes to non-PAM pw_auth/passwd_check (login, su, chfn, chsh) code
+%configure \
+       --bindir=/bin \
+       --sbindir=/sbin \
+       --enable-shadowgrp \
+       %{?with_shared:--enable-shared --disable-static} \
+       --disable-silent-rules \
+       --enable-subordinate-ids \
+       --with-acl \
+       --with-attr \
+       --with-audit \
+       --with-group-name-max-length=32 \
+       --with-libpam \
+       --with-nscd \
+       --without-libcrack \
+       %{?with_selinux:--with-selinux} \
+       --with-sha-crypt \
+       --without-tcb
+
+%{__make}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{/sbin,%{_sysconfdir}/{default,pam.d,security,skel/tmp}}
+
+%{__make} install \
+       DESTDIR=$RPM_BUILD_ROOT
+
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/login.defs
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/default/useradd
+
+cp -p %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/chage
+cp -p %{SOURCE11} $RPM_BUILD_ROOT/etc/pam.d/chfn
+cp -p %{SOURCE12} $RPM_BUILD_ROOT/etc/pam.d/chgpasswd
+cp -p %{SOURCE13} $RPM_BUILD_ROOT/etc/pam.d/chpasswd
+cp -p %{SOURCE14} $RPM_BUILD_ROOT/etc/pam.d/chsh
+cp -p %{SOURCE15} $RPM_BUILD_ROOT/etc/pam.d/groupadd
+cp -p %{SOURCE16} $RPM_BUILD_ROOT/etc/pam.d/groupdel
+cp -p %{SOURCE17} $RPM_BUILD_ROOT/etc/pam.d/groupmems
+cp -p %{SOURCE18} $RPM_BUILD_ROOT/etc/pam.d/groupmod
+cp -p %{SOURCE19} $RPM_BUILD_ROOT/etc/pam.d/newusers
+cp -p %{SOURCE20} $RPM_BUILD_ROOT/etc/pam.d/passwd
+cp -p %{SOURCE21} $RPM_BUILD_ROOT/etc/pam.d/useradd
+cp -p %{SOURCE22} $RPM_BUILD_ROOT/etc/pam.d/userdel
+cp -p %{SOURCE23} $RPM_BUILD_ROOT/etc/pam.d/usermod
+
+> $RPM_BUILD_ROOT%{_sysconfdir}/shadow
+> $RPM_BUILD_ROOT/etc/security/chfn.allow
+> $RPM_BUILD_ROOT/etc/security/chsh.allow
+
+%{__rm} $RPM_BUILD_ROOT/{etc/pam.d,bin}/{login,su}
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/{,*/}man1/{login,su}.1*
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/{,*/}man3/*.3*
+
+# packaged in SysVinit-tools
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/lastlog
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/{,*/}man8/lastlog.8*
+# packaged in coreutils
+%{__rm} $RPM_BUILD_ROOT/bin/groups
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/{,*/}man1/groups.1*
+# packaged in util-linux
+%{__rm} $RPM_BUILD_ROOT/sbin/nologin
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/{,*/}man*/nologin.8*
+
+%find_lang %{name}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+%{?with_shared:/sbin/ldconfig}
+if [ ! -f /etc/shadow ]; then
+       %{_sbindir}/pwconv
+fi
+
+%{?with_shared:%postun -p /sbin/ldconfig}
+
+%files -f %{name}.lang
+%defattr(644,root,root,755)
+%doc ChangeLog NEWS TODO doc/{HOWTO,WISHLIST}
+%attr(750,root,root) %dir %{_sysconfdir}/default
+%attr(640,root,root) %config %verify(not md5 mtime size) %{_sysconfdir}/default/useradd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chage
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chfn
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chgpasswd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chpasswd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chsh
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/groupadd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/groupdel
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/groupmems
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/groupmod
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/newusers
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/passwd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/useradd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/userdel
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/usermod
+
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chfn.allow
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chsh.allow
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/login.defs
+%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %ghost %{_sysconfdir}/shadow
+%dir /etc/skel
+%dir /etc/skel/tmp
+%{?with_shared:%attr(755,root,root) %{_libdir}/lib*.so.*.*}
+%attr(4755,root,root) %{_bindir}/chfn
+%attr(4755,root,root) %{_bindir}/chsh
+%attr(4755,root,root) %{_bindir}/expiry
+%attr(4755,root,root) %{_bindir}/gpasswd
+%attr(4755,root,root) %{_bindir}/passwd
+%attr(755,root,root) %{_bindir}/chage
+%attr(755,root,root) %{_bindir}/faillog
+%attr(755,root,root) %{_bindir}/newgidmap
+%attr(755,root,root) %{_bindir}/newgrp
+%attr(755,root,root) %{_bindir}/newuidmap
+%attr(755,root,root) %{_bindir}/sg
+%attr(755,root,root) %{_sbindir}/chgpasswd
+%attr(755,root,root) %{_sbindir}/chpasswd
+%attr(755,root,root) %{_sbindir}/groupadd
+%attr(755,root,root) %{_sbindir}/groupdel
+%attr(755,root,root) %{_sbindir}/groupmems
+%attr(755,root,root) %{_sbindir}/groupmod
+%attr(755,root,root) %{_sbindir}/grpck
+%attr(755,root,root) %{_sbindir}/grpconv
+%attr(755,root,root) %{_sbindir}/grpunconv
+%attr(755,root,root) %{_sbindir}/logoutd
+%attr(755,root,root) %{_sbindir}/newusers
+%attr(755,root,root) %{_sbindir}/pwck
+%attr(755,root,root) %{_sbindir}/pwconv
+%attr(755,root,root) %{_sbindir}/pwunconv
+%attr(755,root,root) %{_sbindir}/useradd
+%attr(755,root,root) %{_sbindir}/userdel
+%attr(755,root,root) %{_sbindir}/usermod
+%attr(755,root,root) %{_sbindir}/vigr
+%attr(755,root,root) %{_sbindir}/vipw
+%{_mandir}/man1/chage.1*
+%{_mandir}/man1/chfn.1*
+%{_mandir}/man1/chsh.1*
+%{_mandir}/man1/expiry.1*
+%{_mandir}/man1/gpasswd.1*
+%{_mandir}/man1/newgidmap.1*
+%{_mandir}/man1/newgrp.1*
+%{_mandir}/man1/newuidmap.1*
+%{_mandir}/man1/passwd.1*
+%{_mandir}/man1/sg.1*
+%{_mandir}/man5/faillog.5*
+%{_mandir}/man5/gshadow.5*
+%{_mandir}/man5/login.defs.5*
+%{_mandir}/man5/passwd.5*
+%{_mandir}/man5/shadow.5*
+%{_mandir}/man5/suauth.5*
+%{_mandir}/man5/subgid.5*
+%{_mandir}/man5/subuid.5*
+%{_mandir}/man8/chgpasswd.8*
+%{_mandir}/man8/chpasswd.8*
+%{_mandir}/man8/faillog.8*
+%{_mandir}/man8/groupadd.8*
+%{_mandir}/man8/groupdel.8*
+%{_mandir}/man8/groupmems.8*
+%{_mandir}/man8/groupmod.8*
+%{_mandir}/man8/grpck.8*
+%{_mandir}/man8/grpconv.8*
+%{_mandir}/man8/grpunconv.8*
+%{_mandir}/man8/logoutd.8*
+%{_mandir}/man8/newusers.8*
+%{_mandir}/man8/pwck.8*
+%{_mandir}/man8/pwconv.8*
+%{_mandir}/man8/pwunconv.8*
+%{_mandir}/man8/useradd.8*
+%{_mandir}/man8/userdel.8*
+%{_mandir}/man8/usermod.8*
+%{_mandir}/man8/vigr.8*
+%{_mandir}/man8/vipw.8*
+
+%lang(cs) %{_mandir}/cs/man1/expiry.1*
+%lang(cs) %{_mandir}/cs/man1/gpasswd.1*
+%lang(cs) %{_mandir}/cs/man5/faillog.5*
+%lang(cs) %{_mandir}/cs/man5/gshadow.5*
+%lang(cs) %{_mandir}/cs/man5/passwd.5*
+%lang(cs) %{_mandir}/cs/man5/shadow.5*
+%lang(cs) %{_mandir}/cs/man8/faillog.8*
+%lang(cs) %{_mandir}/cs/man8/groupadd.8*
+%lang(cs) %{_mandir}/cs/man8/groupdel.8*
+%lang(cs) %{_mandir}/cs/man8/groupmod.8*
+%lang(cs) %{_mandir}/cs/man8/grpck.8*
+%lang(cs) %{_mandir}/cs/man8/vipw.8*
+
+%lang(da) %{_mandir}/da/man1/chfn.1*
+%lang(da) %{_mandir}/da/man1/newgrp.1*
+%lang(da) %{_mandir}/da/man1/sg.1*
+%lang(da) %{_mandir}/da/man5/gshadow.5*
+%lang(da) %{_mandir}/da/man8/groupdel.8*
+%lang(da) %{_mandir}/da/man8/logoutd.8*
+%lang(da) %{_mandir}/da/man8/vigr.8
+%lang(da) %{_mandir}/da/man8/vipw.8*
+
+%lang(de) %{_mandir}/de/man1/chage.1*
+%lang(de) %{_mandir}/de/man1/chfn.1*
+%lang(de) %{_mandir}/de/man1/chsh.1*
+%lang(de) %{_mandir}/de/man1/expiry.1*
+%lang(de) %{_mandir}/de/man1/gpasswd.1*
+%lang(de) %{_mandir}/de/man1/newgrp.1*
+%lang(de) %{_mandir}/de/man1/passwd.1*
+%lang(de) %{_mandir}/de/man1/sg.1*
+%lang(de) %{_mandir}/de/man5/faillog.5*
+%lang(de) %{_mandir}/de/man5/gshadow.5*
+%lang(de) %{_mandir}/de/man5/login.defs.5*
+%lang(de) %{_mandir}/de/man5/passwd.5*
+%lang(de) %{_mandir}/de/man5/shadow.5*
+%lang(de) %{_mandir}/de/man5/suauth.5*
+%lang(de) %{_mandir}/de/man8/chgpasswd.8*
+%lang(de) %{_mandir}/de/man8/chpasswd.8*
+%lang(de) %{_mandir}/de/man8/faillog.8*
+%lang(de) %{_mandir}/de/man8/groupadd.8*
+%lang(de) %{_mandir}/de/man8/groupdel.8*
+%lang(de) %{_mandir}/de/man8/groupmems.8*
+%lang(de) %{_mandir}/de/man8/groupmod.8*
+%lang(de) %{_mandir}/de/man8/grpck.8*
+%lang(de) %{_mandir}/de/man8/grpconv.8*
+%lang(de) %{_mandir}/de/man8/grpunconv.8*
+%lang(de) %{_mandir}/de/man8/logoutd.8*
+%lang(de) %{_mandir}/de/man8/newusers.8*
+%lang(de) %{_mandir}/de/man8/pwck.8*
+%lang(de) %{_mandir}/de/man8/pwconv.8*
+%lang(de) %{_mandir}/de/man8/pwunconv.8*
+%lang(de) %{_mandir}/de/man8/useradd.8*
+%lang(de) %{_mandir}/de/man8/userdel.8*
+%lang(de) %{_mandir}/de/man8/usermod.8*
+%lang(de) %{_mandir}/de/man8/vigr.8*
+%lang(de) %{_mandir}/de/man8/vipw.8*
+
+%lang(fi) %{_mandir}/fi/man1/chfn.1*
+%lang(fi) %{_mandir}/fi/man1/chsh.1*
+
+%lang(fr) %{_mandir}/fr/man1/chage.1*
+%lang(fr) %{_mandir}/fr/man1/chfn.1*
+%lang(fr) %{_mandir}/fr/man1/chsh.1*
+%lang(fr) %{_mandir}/fr/man1/expiry.1*
+%lang(fr) %{_mandir}/fr/man1/gpasswd.1*
+%lang(fr) %{_mandir}/fr/man1/newgidmap.1*
+%lang(fr) %{_mandir}/fr/man1/newgrp.1*
+%lang(fr) %{_mandir}/fr/man1/newuidmap.1*
+%lang(fr) %{_mandir}/fr/man1/passwd.1*
+%lang(fr) %{_mandir}/fr/man1/sg.1*
+%lang(fr) %{_mandir}/fr/man5/faillog.5*
+%lang(fr) %{_mandir}/fr/man5/gshadow.5*
+%lang(fr) %{_mandir}/fr/man5/login.defs.5*
+%lang(fr) %{_mandir}/fr/man5/passwd.5*
+%lang(fr) %{_mandir}/fr/man5/shadow.5*
+%lang(fr) %{_mandir}/fr/man5/suauth.5*
+%lang(fr) %{_mandir}/fr/man5/subgid.5*
+%lang(fr) %{_mandir}/fr/man5/subuid.5*
+%lang(fr) %{_mandir}/fr/man8/chgpasswd.8*
+%lang(fr) %{_mandir}/fr/man8/chpasswd.8*
+%lang(fr) %{_mandir}/fr/man8/faillog.8*
+%lang(fr) %{_mandir}/fr/man8/groupadd.8*
+%lang(fr) %{_mandir}/fr/man8/groupdel.8*
+%lang(fr) %{_mandir}/fr/man8/groupmems.8*
+%lang(fr) %{_mandir}/fr/man8/groupmod.8*
+%lang(fr) %{_mandir}/fr/man8/grpck.8*
+%lang(fr) %{_mandir}/fr/man8/grpconv.8*
+%lang(fr) %{_mandir}/fr/man8/grpunconv.8*
+%lang(fr) %{_mandir}/fr/man8/logoutd.8*
+%lang(fr) %{_mandir}/fr/man8/newusers.8*
+%lang(fr) %{_mandir}/fr/man8/pwck.8*
+%lang(fr) %{_mandir}/fr/man8/pwconv.8*
+%lang(fr) %{_mandir}/fr/man8/pwunconv.8*
+%lang(fr) %{_mandir}/fr/man8/useradd.8*
+%lang(fr) %{_mandir}/fr/man8/userdel.8*
+%lang(fr) %{_mandir}/fr/man8/usermod.8*
+%lang(fr) %{_mandir}/fr/man8/vigr.8*
+%lang(fr) %{_mandir}/fr/man8/vipw.8*
+
+%lang(hu) %{_mandir}/hu/man1/passwd.1*
+%lang(hu) %{_mandir}/hu/man1/chsh.1*
+%lang(hu) %{_mandir}/hu/man1/gpasswd.1*
+%lang(hu) %{_mandir}/hu/man1/newgrp.1*
+%lang(hu) %{_mandir}/hu/man1/sg.1*
+%lang(hu) %{_mandir}/hu/man5/passwd.5*
+
+%lang(id) %{_mandir}/id/man1/chsh.1*
+%lang(id) %{_mandir}/id/man8/useradd.8*
+
+%lang(it) %{_mandir}/it/man1/chage.1*
+%lang(it) %{_mandir}/it/man1/chfn.1*
+%lang(it) %{_mandir}/it/man1/chsh.1*
+%lang(it) %{_mandir}/it/man1/expiry.1*
+%lang(it) %{_mandir}/it/man1/gpasswd.1*
+%lang(it) %{_mandir}/it/man1/newgrp.1*
+%lang(it) %{_mandir}/it/man1/passwd.1*
+%lang(it) %{_mandir}/it/man1/sg.1*
+%lang(it) %{_mandir}/it/man5/faillog.5*
+%lang(it) %{_mandir}/it/man5/gshadow.5*
+%lang(it) %{_mandir}/it/man5/login.defs.5*
+%lang(it) %{_mandir}/it/man5/passwd.5*
+%lang(it) %{_mandir}/it/man5/shadow.5*
+%lang(it) %{_mandir}/it/man5/suauth.5*
+%lang(it) %{_mandir}/it/man8/chgpasswd.8*
+%lang(it) %{_mandir}/it/man8/chpasswd.8*
+%lang(it) %{_mandir}/it/man8/faillog.8*
+%lang(it) %{_mandir}/it/man8/groupadd.8*
+%lang(it) %{_mandir}/it/man8/groupdel.8*
+%lang(it) %{_mandir}/it/man8/groupmems.8*
+%lang(it) %{_mandir}/it/man8/groupmod.8*
+%lang(it) %{_mandir}/it/man8/grpck.8*
+%lang(it) %{_mandir}/it/man8/grpconv.8*
+%lang(it) %{_mandir}/it/man8/grpunconv.8*
+%lang(it) %{_mandir}/it/man8/logoutd.8*
+%lang(it) %{_mandir}/it/man8/newusers.8*
+%lang(it) %{_mandir}/it/man8/pwck.8*
+%lang(it) %{_mandir}/it/man8/pwconv.8*
+%lang(it) %{_mandir}/it/man8/pwunconv.8*
+%lang(it) %{_mandir}/it/man8/useradd.8*
+%lang(it) %{_mandir}/it/man8/userdel.8*
+%lang(it) %{_mandir}/it/man8/usermod.8*
+%lang(it) %{_mandir}/it/man8/vigr.8*
+%lang(it) %{_mandir}/it/man8/vipw.8*
+
+%lang(ja) %{_mandir}/ja/man1/chage.1*
+%lang(ja) %{_mandir}/ja/man1/chfn.1*
+%lang(ja) %{_mandir}/ja/man1/chsh.1*
+%lang(ja) %{_mandir}/ja/man1/expiry.1*
+%lang(ja) %{_mandir}/ja/man1/gpasswd.1*
+%lang(ja) %{_mandir}/ja/man1/newgrp.1*
+%lang(ja) %{_mandir}/ja/man1/passwd.1*
+%lang(ja) %{_mandir}/ja/man1/sg.1*
+%lang(ja) %{_mandir}/ja/man5/faillog.5*
+%lang(ja) %{_mandir}/ja/man5/login.defs.5*
+%lang(ja) %{_mandir}/ja/man5/passwd.5*
+%lang(ja) %{_mandir}/ja/man5/shadow.5*
+%lang(ja) %{_mandir}/ja/man5/suauth.5*
+%lang(ja) %{_mandir}/ja/man8/chpasswd.8*
+%lang(ja) %{_mandir}/ja/man8/faillog.8*
+%lang(ja) %{_mandir}/ja/man8/groupadd.8*
+%lang(ja) %{_mandir}/ja/man8/groupdel.8*
+%lang(ja) %{_mandir}/ja/man8/groupmod.8*
+%lang(ja) %{_mandir}/ja/man8/grpck.8*
+%lang(ja) %{_mandir}/ja/man8/grpconv.8*
+%lang(ja) %{_mandir}/ja/man8/grpunconv.8*
+%lang(ja) %{_mandir}/ja/man8/logoutd.8*
+%lang(ja) %{_mandir}/ja/man8/newusers.8*
+%lang(ja) %{_mandir}/ja/man8/pwck.8*
+%lang(ja) %{_mandir}/ja/man8/pwconv.8*
+%lang(ja) %{_mandir}/ja/man8/pwunconv.8*
+%lang(ja) %{_mandir}/ja/man8/useradd.8*
+%lang(ja) %{_mandir}/ja/man8/userdel.8*
+%lang(ja) %{_mandir}/ja/man8/usermod.8*
+%lang(ja) %{_mandir}/ja/man8/vigr.8*
+%lang(ja) %{_mandir}/ja/man8/vipw.8*
+
+%lang(ko) %{_mandir}/ko/man1/chfn.1*
+%lang(ko) %{_mandir}/ko/man1/chsh.1*
+%lang(ko) %{_mandir}/ko/man5/passwd.5*
+%lang(ko) %{_mandir}/ko/man8/vigr.8*
+%lang(ko) %{_mandir}/ko/man8/vipw.8*
+
+%lang(pl) %{_mandir}/pl/man1/chage.1*
+%lang(pl) %{_mandir}/pl/man1/chsh.1*
+%lang(pl) %{_mandir}/pl/man1/expiry.1*
+%lang(pl) %{_mandir}/pl/man1/newgrp.1*
+%lang(pl) %{_mandir}/pl/man1/sg.1*
+%lang(pl) %{_mandir}/pl/man5/faillog.5*
+%lang(pl) %{_mandir}/pl/man8/faillog.8*
+%lang(pl) %{_mandir}/pl/man8/groupadd.8*
+%lang(pl) %{_mandir}/pl/man8/groupdel.8*
+%lang(pl) %{_mandir}/pl/man8/groupmems.8*
+%lang(pl) %{_mandir}/pl/man8/groupmod.8*
+%lang(pl) %{_mandir}/pl/man8/grpck.8*
+%lang(pl) %{_mandir}/pl/man8/logoutd.8*
+%lang(pl) %{_mandir}/pl/man8/userdel.8*
+%lang(pl) %{_mandir}/pl/man8/usermod.8*
+%lang(pl) %{_mandir}/pl/man8/vigr.8*
+%lang(pl) %{_mandir}/pl/man8/vipw.8*
+
+%lang(pt_BR) %{_mandir}/pt_BR/man1/gpasswd.1*
+%lang(pt_BR) %{_mandir}/pt_BR/man5/passwd.5*
+%lang(pt_BR) %{_mandir}/pt_BR/man5/shadow.5*
+%lang(pt_BR) %{_mandir}/pt_BR/man8/groupadd.8*
+%lang(pt_BR) %{_mandir}/pt_BR/man8/groupdel.8*
+%lang(pt_BR) %{_mandir}/pt_BR/man8/groupmod.8*
+
+%lang(ru) %{_mandir}/ru/man1/chage.1*
+%lang(ru) %{_mandir}/ru/man1/chfn.1*
+%lang(ru) %{_mandir}/ru/man1/chsh.1*
+%lang(ru) %{_mandir}/ru/man1/expiry.1*
+%lang(ru) %{_mandir}/ru/man1/gpasswd.1*
+%lang(ru) %{_mandir}/ru/man1/newgrp.1*
+%lang(ru) %{_mandir}/ru/man1/passwd.1*
+%lang(ru) %{_mandir}/ru/man1/sg.1*
+%lang(ru) %{_mandir}/ru/man5/faillog.5*
+%lang(ru) %{_mandir}/ru/man5/gshadow.5*
+%lang(ru) %{_mandir}/ru/man5/login.defs.5*
+%lang(ru) %{_mandir}/ru/man5/passwd.5*
+%lang(ru) %{_mandir}/ru/man5/shadow.5*
+%lang(ru) %{_mandir}/ru/man5/suauth.5*
+%lang(ru) %{_mandir}/ru/man8/chgpasswd.8*
+%lang(ru) %{_mandir}/ru/man8/chpasswd.8*
+%lang(ru) %{_mandir}/ru/man8/faillog.8*
+%lang(ru) %{_mandir}/ru/man8/groupadd.8*
+%lang(ru) %{_mandir}/ru/man8/groupdel.8*
+%lang(ru) %{_mandir}/ru/man8/groupmems.8*
+%lang(ru) %{_mandir}/ru/man8/groupmod.8*
+%lang(ru) %{_mandir}/ru/man8/grpck.8*
+%lang(ru) %{_mandir}/ru/man8/grpconv.8*
+%lang(ru) %{_mandir}/ru/man8/grpunconv.8*
+%lang(ru) %{_mandir}/ru/man8/logoutd.8*
+%lang(ru) %{_mandir}/ru/man8/newusers.8*
+%lang(ru) %{_mandir}/ru/man8/pwck.8*
+%lang(ru) %{_mandir}/ru/man8/pwconv.8*
+%lang(ru) %{_mandir}/ru/man8/pwunconv.8*
+%lang(ru) %{_mandir}/ru/man8/useradd.8*
+%lang(ru) %{_mandir}/ru/man8/userdel.8*
+%lang(ru) %{_mandir}/ru/man8/usermod.8*
+%lang(ru) %{_mandir}/ru/man8/vigr.8*
+%lang(ru) %{_mandir}/ru/man8/vipw.8*
+
+%lang(sv) %{_mandir}/sv/man1/chage.1*
+%lang(sv) %{_mandir}/sv/man1/chsh.1*
+%lang(sv) %{_mandir}/sv/man1/expiry.1*
+%lang(sv) %{_mandir}/sv/man1/newgrp.1*
+%lang(sv) %{_mandir}/sv/man1/passwd.1*
+%lang(sv) %{_mandir}/sv/man1/sg.1*
+%lang(sv) %{_mandir}/sv/man5/faillog.5*
+%lang(sv) %{_mandir}/sv/man5/gshadow.5*
+%lang(sv) %{_mandir}/sv/man5/passwd.5*
+%lang(sv) %{_mandir}/sv/man5/suauth.5*
+%lang(sv) %{_mandir}/sv/man8/faillog.8*
+%lang(sv) %{_mandir}/sv/man8/groupadd.8*
+%lang(sv) %{_mandir}/sv/man8/groupdel.8*
+%lang(sv) %{_mandir}/sv/man8/groupmems.8*
+%lang(sv) %{_mandir}/sv/man8/groupmod.8*
+%lang(sv) %{_mandir}/sv/man8/grpck.8*
+%lang(sv) %{_mandir}/sv/man8/logoutd.8*
+%lang(sv) %{_mandir}/sv/man8/pwck.8*
+%lang(sv) %{_mandir}/sv/man8/userdel.8*
+%lang(sv) %{_mandir}/sv/man8/vigr.8*
+%lang(sv) %{_mandir}/sv/man8/vipw.8*
+
+%lang(tr) %{_mandir}/tr/man1/chage.1*
+%lang(tr) %{_mandir}/tr/man1/chfn.1*
+%lang(tr) %{_mandir}/tr/man1/passwd.1*
+%lang(tr) %{_mandir}/tr/man5/passwd.5*
+%lang(tr) %{_mandir}/tr/man5/shadow.5*
+%lang(tr) %{_mandir}/tr/man8/groupadd.8*
+%lang(tr) %{_mandir}/tr/man8/groupdel.8*
+%lang(tr) %{_mandir}/tr/man8/groupmod.8*
+%lang(tr) %{_mandir}/tr/man8/useradd.8*
+%lang(tr) %{_mandir}/tr/man8/userdel.8*
+%lang(tr) %{_mandir}/tr/man8/usermod.8*
+
+%lang(zh_CN) %{_mandir}/zh_CN/man1/chage.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/chfn.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/chsh.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/expiry.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/gpasswd.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/newgrp.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/passwd.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/sg.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man5/faillog.5*
+%lang(zh_CN) %{_mandir}/zh_CN/man5/gshadow.5*
+%lang(zh_CN) %{_mandir}/zh_CN/man5/login.defs.5*
+%lang(zh_CN) %{_mandir}/zh_CN/man5/passwd.5*
+%lang(zh_CN) %{_mandir}/zh_CN/man5/shadow.5*
+%lang(zh_CN) %{_mandir}/zh_CN/man5/suauth.5*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/chgpasswd.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/chpasswd.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/faillog.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/groupadd.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/groupdel.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/groupmems.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/groupmod.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/grpck.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/grpconv.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/grpunconv.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/logoutd.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/newusers.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/pwck.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/pwconv.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/pwunconv.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/useradd.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/userdel.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/usermod.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/vigr.8*
+%lang(zh_CN) %{_mandir}/zh_CN/man8/vipw.8*
+
+%lang(zh_TW) %{_mandir}/zh_TW/man1/chfn.1*
+%lang(zh_TW) %{_mandir}/zh_TW/man1/chsh.1*
+%lang(zh_TW) %{_mandir}/zh_TW/man1/newgrp.1*
+%lang(zh_TW) %{_mandir}/zh_TW/man5/passwd.5*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/chpasswd.8*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/groupadd.8*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/groupdel.8*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/groupmod.8*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/useradd.8*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/userdel.8*
+%lang(zh_TW) %{_mandir}/zh_TW/man8/usermod.8*

diff --git a/shadow.useradd b/shadow.useradd
new file mode 100644 (file)
index 0000000..0a28b4e
--- /dev/null
+++ b/shadow.useradd
@@ -0,0 +1,7 @@
+# useradd defaults file
+GROUP=1000
+HOME=/home/users
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel

diff --git a/useradd.pamd b/useradd.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/useradd.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/userdel.pamd b/userdel.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/userdel.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth

diff --git a/usermod.pamd b/usermod.pamd
new file mode 100644 (file)
index 0000000..cd2149e
--- /dev/null
+++ b/usermod.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           required        pam_deny.so
+account                required        pam_permit.so
+password       include         system-auth