* NEWS, src/usermod.c, man/usermod.8.xml: Add --root option. Open

audit and syslog after the potential chroot. userdel's usage split
	in smaller messages.

ChangeLog

@@ -9,6 +9,7 @@
 	* NEWS, src/userdel.c, man/userdel.8.xml: Add --root option. Open
 	audit and syslog after the potential chroot. userdel's usage split
 	in smaller messages.
+	* NEWS, src/usermod.c, man/usermod.8.xml: Likewise
 
 2011-10-22  Nicolas François  <nicolas.francois@centraliens.net>
 

NEWS

@@ -83,6 +83,7 @@ shadow-4.1.4.3 -> shadow-4.1.5					UNRELEASED
   * When the shadow file exists but there are no shadow entries, an entry
     is created if the password is changed and passwd requires a
     shadow entry, or if aging features are used (-e or -f).
+  * Add --root option.
 
 *** translation
   * Updated Brazilian Portuguese translation.

man/usermod.8.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
    Copyright (c) 1991 - 1994, Julianne Frances Haugh
-   Copyright (c) 2007 - 2009, Nicolas François
+   Copyright (c) 2007 - 2011, Nicolas François
    All rights reserved.
   
    Redistribution and use in source and binary forms, with or without
@@ -294,6 +294,19 @@
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-R</option>, <option>--root</option>
+	  <replaceable>CHROOT_DIR</replaceable>
+	</term>
+	<listitem>
+	  <para>
+	    Apply changes in the <replaceable>CHROOT_DIR</replaceable>
+	    directory and use the configuration files from the
+	    <replaceable>CHROOT_DIR</replaceable> directory.
+	  </para>
+	</listitem>
+      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-s</option>, <option>--shell</option>

src/usermod.c

@@ -310,38 +310,37 @@ static int get_groups (char *list)
  */
 static /*@noreturn@*/void usage (int status)
 {
-	fprintf ((E_SUCCESS != status) ? stderr : stdout,
+	FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
-	         _("Usage: usermod [options] LOGIN\n"
+	(void) fprintf (usageout,
+	                _("Usage: %s [options] LOGIN\n"
 	                  "\n"
-	         "Options:\n"
+	                  "Options:\n"),
-	         "  -c, --comment COMMENT         new value of the GECOS field\n"
+	                Prog);
-	         "  -d, --home HOME_DIR           new home directory for the user account\n"
+	(void) fputs (_("  -c, --comment COMMENT         new value of the GECOS field\n"), usageout);
-	         "  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE\n"
+	(void) fputs (_("  -d, --home HOME_DIR           new home directory for the user account\n"), usageout);
-	         "  -f, --inactive INACTIVE       set password inactive after expiration\n"
+	(void) fputs (_("  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE\n"), usageout);
-	         "                                to INACTIVE\n"
+	(void) fputs (_("  -f, --inactive INACTIVE       set password inactive after expiration\n"
-	         "  -g, --gid GROUP               force use GROUP as new primary group\n"
+	                "                                to INACTIVE\n"), usageout);
-	         "  -G, --groups GROUPS           new list of supplementary GROUPS\n"
+	(void) fputs (_("  -g, --gid GROUP               force use GROUP as new primary group\n"), usageout);
-	         "  -a, --append                  append the user to the supplemental GROUPS\n"
+	(void) fputs (_("  -G, --groups GROUPS           new list of supplementary GROUPS\n"), usageout);
+	(void) fputs (_("  -a, --append                  append the user to the supplemental GROUPS\n"
 	                "                                mentioned by the -G option without removing\n"
-	         "                                him/her from other groups\n"
+	                "                                him/her from other groups\n"), usageout);
-	         "  -h, --help                    display this help message and exit\n"
+	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
-	         "  -l, --login NEW_LOGIN         new value of the login name\n"
+	(void) fputs (_("  -l, --login NEW_LOGIN         new value of the login name\n"), usageout);
-	         "  -L, --lock                    lock the user account\n"
+	(void) fputs (_("  -L, --lock                    lock the user account\n"), usageout);
-	         "  -m, --move-home               move contents of the home directory to the\n"
+	(void) fputs (_("  -m, --move-home               move contents of the home directory to the\n"
-	         "                                new location (use only with -d)\n"
+	                "                                new location (use only with -d)\n"), usageout);
-	         "  -o, --non-unique              allow using duplicate (non-unique) UID\n"
+	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
-	         "  -p, --password PASSWORD       use encrypted password for the new password\n"
+	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
-	         "  -s, --shell SHELL             new login shell for the user account\n"
+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
-	         "  -u, --uid UID                 new UID for the user account\n"
+	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
-	         "  -U, --unlock                  unlock the user account\n"
+	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
-	         "%s"
+	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
-	         "\n"),
 #ifdef WITH_SELINUX
-	         _("  -Z, --selinux-user            new SELinux user mapping for the user account\n")
+	(void) fputs (_("  -Z, --selinux-user            new SELinux user mapping for the user account\n"), usageout);
-#else
-	         ""
 #endif
-	         );
+	(void) fputs ("\n", usageout);
 	exit (status);
 }
 
@@ -889,6 +888,7 @@ static void process_flags (int argc, char **argv)
 			{"move-home", no_argument, NULL, 'm'},
 			{"non-unique", no_argument, NULL, 'o'},
 			{"password", required_argument, NULL, 'p'},
+			{"root", required_argument, NULL, 'R'},
 #ifdef WITH_SELINUX
 			{"selinux-user", required_argument, NULL, 'Z'},
 #endif
@@ -899,9 +899,9 @@ static void process_flags (int argc, char **argv)
 		};
 		while ((c = getopt_long (argc, argv,
 #ifdef WITH_SELINUX
-			                 "ac:d:e:f:g:G:hl:Lmop:s:u:UZ:",
+			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
 #else
-			                 "ac:d:e:f:g:G:hl:Lmop:s:u:U",
+			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
 #endif
 			                 long_options, NULL)) != -1) {
 			switch (c) {
@@ -996,6 +996,8 @@ static void process_flags (int argc, char **argv)
 				user_pass = optarg;
 				pflg = true;
 				break;
+			case 'R': /* no-op, handled in process_root_flag () */
+				break;
 			case 's':
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -1788,10 +1790,6 @@ int main (int argc, char **argv)
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
 
-#ifdef WITH_AUDIT
-	audit_help_open ();
-#endif
-
 	/*
 	 * Get my name so that I can use it to report errors.
 	 */
@@ -1801,12 +1799,17 @@ int main (int argc, char **argv)
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
+	process_root_flag ("-R", argc, argv);
+
+	OPENLOG ("usermod");
+#ifdef WITH_AUDIT
+	audit_help_open ();
+#endif
+
 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
 	user_groups = (char **) malloc (sizeof (char *) * (1 + sys_ngroups));
 	user_groups[0] = (char *) 0;
 
-	OPENLOG ("usermod");
-
 	is_shadow_pwd = spw_file_present ();
 #ifdef SHADOWGRP
 	is_shadow_grp = sgr_file_present ();