/etc/default/useradd * GROUP=1000 should accept a group name. Check when RLOGIN is enabled if ruserok() exists Move selinux_file_context out of libmisc/copydir.c Review hardcoded root account? review all call to strto libmisc/cleanup_user.c cleanup needed (cleanup_report_add_user* not used) libxcrypt support * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch implement getlong, getulong. avoid atoi, atol, atoul, strtol, strtoul, ... manpages: comment the RLOGIN parts Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by comma_to_list() Revert the modified files if all files could not be changed. * or warn and indicate which files were modified and which were not. * check the order the files are modified. report nscd_flush_cache failures? call nscd from the programs or from lib (commonio?) PAM: check if a non-interactive conversation function could be used to set the password in chpasswd and newusers WITH_SELINUX - review all tools to check that the strategies are consistent chage, chfn, chsh: same change needed as in passwd. - probably need moving check_selinux_access to a separate file. testsuite - newgrp - test with unknown user's GID newusers - add logging to SYSLOG & AUDIT - use CREATE_HOME - Add a -Z option (see useradd / usermod) Document when/where option appeared, document whether an option is standard or not. Check all the expiry semantics ALL: - move base passwd/shadow/group/gshadow operation to module for allow write different backend modules for db, NIS, LDAP and others. Default backend it will be goot if will be chosen depending on /etc/nsswitch.conf and allow override this by -r options (where the can be file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column). passwd have old piece of code with handling -r option and it will be good finish this and propagate on other shadow tools for allow operate on other user databases by well known tools. - Protect against signals. Register do_cleanups in a signal handler. - login.defs - generate depending on configuration - useradd: - add handle create user mail spool in maildir format. - Add support for -k in -D mode - Add support for -K in -D mode - Add option to create or not the mail spool (and set the default in -D mode) - Change -l to reset the entry if an entry was already there - set the mask in mkdir? - userdel: - add backup option for the removal of user resources, - user_busy: check that the user is not running any processes. - missing "deleting group" FAILED - home dir removed, but userdel may fail and may leave the user => warning needed - usermod - add an option equivalent to useradd's -l (only when uid is changed) - the mode of new home directories should be set according to the original mode. Does copy_tree does this? - user renamed, order is not kept in /etc/group (see 47_usermod-l_no_shadow_file). This is a problem when the first user is considered as the admin. - see mail "user ID change" on April, 15 + fix call to chown (combination of -m and -u/-g) + add tests - passwd: - check combination of options (e.g. -u/-l) - when -u refuse to unlock because it would create an empty password, it should not display "Password changed." exit instead? - newgrp: check the USE_PAM section. - pwck - Add check to move passwd passwords to shadow if there is a shadow entry (with a password). - Add check to move passwd passwords to shadow if there is a shadow file. - su - add a login.defs configuration parameter to add variables to keep in the environment with "su -l" (TERM/TERMCOLOR/...