112 lines
3.6 KiB
Plaintext
112 lines
3.6 KiB
Plaintext
Check when RLOGIN is enabled if ruserok() exists
|
|
|
|
Move selinux_file_context out of libmisc/copydir.c
|
|
|
|
Review hardcoded root account?
|
|
|
|
review all call to strto
|
|
|
|
libmisc/cleanup_user.c
|
|
cleanup needed (cleanup_report_add_user* not used)
|
|
|
|
|
|
libxcrypt support
|
|
* http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch
|
|
|
|
implement getlong, getulong.
|
|
avoid atoi, atol, atoul, strtol, strtoul, ...
|
|
|
|
manpages: comment the RLOGIN parts
|
|
|
|
Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
|
|
comma_to_list()
|
|
|
|
Revert the modified files if all files could not be changed.
|
|
* or warn and indicate which files were modified and which were not.
|
|
* check the order the files are modified.
|
|
|
|
report nscd_flush_cache failures?
|
|
call nscd from the programs or from lib (commonio?)
|
|
|
|
PAM: check if a non-interactive conversation function could be used to set
|
|
the password in chpasswd and newusers
|
|
|
|
WITH_SELINUX
|
|
- review all tools to check that the strategies are consistent
|
|
|
|
chage, chfn, chsh: same change needed as in passwd.
|
|
- probably need moving check_selinux_access to a separate file.
|
|
|
|
testsuite
|
|
- newgrp
|
|
- test with unknown user's GID
|
|
|
|
newusers
|
|
- add logging to SYSLOG & AUDIT
|
|
- use CREATE_HOME
|
|
- Add a -Z option (see useradd / usermod)
|
|
|
|
Document when/where option appeared, document whether an option is standard
|
|
or not.
|
|
|
|
Check all the expiry semantics
|
|
|
|
ALL:
|
|
- move base passwd/shadow/group/gshadow operation to module for allow write
|
|
different backend modules for db, NIS, LDAP and others. Default backend it
|
|
will be goot if will be chosen depending on /etc/nsswitch.conf and allow
|
|
override this by -r <repository> options (where the <repository> can be
|
|
file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
|
|
passwd have old piece of code with handling -r option and it will be good
|
|
finish this and propagate on other shadow tools for allow operate on other
|
|
user databases by well known tools.
|
|
- Protect against signals. Register do_cleanups in a signal handler.
|
|
|
|
- login.defs
|
|
- generate depending on configuration
|
|
|
|
- useradd:
|
|
- add handle create user mail spool in maildir format.
|
|
- Add support for -k in -D mode
|
|
- Add support for -K in -D mode
|
|
- Add option to create or not the mail spool (and set the default in -D
|
|
mode)
|
|
- Change -l to reset the entry if an entry was already there
|
|
- set the mask in mkdir?
|
|
|
|
- userdel:
|
|
- add backup option for the removal of user resources,
|
|
- user_busy: check that the user is not running any processes.
|
|
- missing "deleting group" FAILED
|
|
- home dir removed, but userdel may fail and may leave the user
|
|
=> warning needed
|
|
|
|
- usermod
|
|
- add an option equivalent to useradd's -l (only when uid is changed)
|
|
- the mode of new home directories should be set according to the
|
|
original mode. Does copy_tree does this?
|
|
- user renamed, order is not kept in /etc/group (see
|
|
47_usermod-l_no_shadow_file). This is a problem when the first user is
|
|
considered as the admin.
|
|
- see mail "user ID change" on April, 15
|
|
+ fix call to chown (combination of -m and -u/-g)
|
|
+ add tests
|
|
|
|
- passwd:
|
|
- check combination of options (e.g. -u/-l)
|
|
- when -u refuse to unlock because it would create an empty password, it
|
|
should not display "Password changed."
|
|
exit instead?
|
|
|
|
- newgrp: check the USE_PAM section.
|
|
|
|
- pwck
|
|
- Add check to move passwd passwords to shadow if there is a shadow
|
|
entry (with a password).
|
|
- Add check to move passwd passwords to shadow if there is a shadow
|
|
file.
|
|
|
|
- su
|
|
- add a login.defs configuration parameter to add variables to keep in
|
|
the environment with "su -l" (TERM/TERMCOLOR/...
|