126 files changed, 2857 insertions, 0 deletions

diff --git a/tests/chsh/01/data/chsh1 b/tests/chsh/01/data/chsh1
new file mode 100644
index 0000000..01b3d53
--- /dev/null
+++ b/tests/chsh/01/data/chsh1
@@ -0,0 +1 @@
+You may not change the shell for 'myuser'.
diff --git a/tests/chsh/01/data/chsh2 b/tests/chsh/01/data/chsh2
new file mode 100644
index 0000000..b017d6d
--- /dev/null
+++ b/tests/chsh/01/data/chsh2
@@ -0,0 +1 @@
+You may not change the shell for 'myuser2'.
diff --git a/tests/chsh/01/data/group b/tests/chsh/01/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/01/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/01/data/gshadow b/tests/chsh/01/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/01/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/01/data/passwd b/tests/chsh/01/data/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/chsh/01/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/01/data/shadow b/tests/chsh/01/data/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/01/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/01/data/shells b/tests/chsh/01/data/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/chsh/01/data/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/chsh/01/run b/tests/chsh/01/run
new file mode 100755
index 0000000..72760c2
--- /dev/null
+++ b/tests/chsh/01/run
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage options
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow shells
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow shells
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rm -f tmp/shell tmp/sh:ell
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow shells
+do
+	cp data/$i /etc
+done
+
+echo -n "changing to a restricted shell, by root..."
+cp /bin/bash tmp/shell
+chsh -s $(pwd)/tmp/shell myuser
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:"$(pwd)"/tmp/shell" ] || exit 1
+echo "OK"
+
+echo -n "changing from a restricted shell, by myuser..."
+su myuser -c "chsh -s /bin/bash" 2> tmp/out && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:"$(pwd)"/tmp/shell" ] || exit 1
+diff -au data/chsh1 tmp/out
+echo "OK"
+
+echo -n "changing from a restricted shell, by root..."
+chsh -s /bin/bash myuser
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+echo "OK"
+
+# Need to be done by expect now (chage asks for a passwd if not root)
+#echo -n "changing to a restricted shell, by myuser..."
+#su myuser -c "chsh -s $(pwd)/tmp/shell" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+#echo -n "changing to a new valid shell, by myuser..."
+#echo $(pwd)/tmp/shell >> /tmp/shells
+#su myuser -c "chsh -s $(pwd)/tmp/shell" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+echo -n "changing another user's shell..."
+su myuser -c "chsh -s /bin/sh myuser2" 2> tmp/out && exit 1
+ent=$(getent passwd myuser2)
+[ "$ent" = "myuser2:x:424243:424242::/home:/bin/sh" ] || exit 1
+diff -au data/chsh2 tmp/out
+echo "OK"
+
+#echo -n "changing to a non-executable shell..."
+#chmod a-x tmp/shell
+#su myuser -c "chsh -s $(pwd)/tmp/shell myuser" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+echo -n "changing to an invalid shell name..."
+cp /bin/bash tmp/sh:ell
+echo $(pwd)/tmp/sh:ell >> /etc/shells
+chsh -s $(pwd)/tmp/sh:ell myuser 2> tmp/out && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+egrep "chsh: Invalid entry: .*/tmp/sh:ell" tmp/out > /dev/null
+[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+echo "OK"
+
+echo "testing the interactive mode (1)..."
+rm -f tmp/out
+./run.exp /bin/bash myuser
+[ -f tmp/out ] && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+echo "OK"
+
+#echo "testing the interactive mode (2)..."
+#rm -f tmp/out
+#su myuser -c "./run.exp /bin/bash"
+#[ -f tmp/out ] && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#echo "OK"
+
+echo "testing the interactive mode (3)..."
+rm -f tmp/out
+./run.exp /bin/sh myuser
+[ -f tmp/out ] && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/sh" ] || exit 1
+echo "OK"
+
+echo "testing the interactive mode (4)..."
+rm -f tmp/out
+./run.exp $(pwd)/tmp/sh:ell myuser && exit 1
+egrep "chsh: Invalid entry: .*/tmp/sh:ell" tmp/out > /dev/null
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/sh" ] || exit 1
+echo "OK"
+
diff --git a/tests/chsh/01/run.exp b/tests/chsh/01/run.exp
new file mode 100755
index 0000000..4890193
--- /dev/null
+++ b/tests/chsh/01/run.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/02_chsh_usage/chsh.test b/tests/chsh/02_chsh_usage/chsh.test
new file mode 100755
index 0000000..3a6e656
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/chsh.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chsh usage (chsh -h)..."
+chsh -h >tmp/usage.out
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/02_chsh_usage/config.txt b/tests/chsh/02_chsh_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/config.txt
diff --git a/tests/chsh/02_chsh_usage/config/etc/group b/tests/chsh/02_chsh_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/config/etc/group
diff --git a/tests/chsh/02_chsh_usage/config/etc/gshadow b/tests/chsh/02_chsh_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/config/etc/gshadow
diff --git a/tests/chsh/02_chsh_usage/config/etc/passwd b/tests/chsh/02_chsh_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/config/etc/passwd
diff --git a/tests/chsh/02_chsh_usage/config/etc/shadow b/tests/chsh/02_chsh_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/config/etc/shadow
diff --git a/tests/chsh/02_chsh_usage/data/usage.out b/tests/chsh/02_chsh_usage/data/usage.out
new file mode 100644
index 0000000..ef576ec
--- /dev/null
+++ b/tests/chsh/02_chsh_usage/data/usage.out
@@ -0,0 +1,7 @@
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/chsh/03_chsh_usage_invalid_option/chsh.test b/tests/chsh/03_chsh_usage_invalid_option/chsh.test
new file mode 100755
index 0000000..4552cc3
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh displays its usage message is case of invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use wrong chsh option (chsh -Z)..."
+chsh -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/03_chsh_usage_invalid_option/config.txt b/tests/chsh/03_chsh_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/config.txt
diff --git a/tests/chsh/03_chsh_usage_invalid_option/config/etc/group b/tests/chsh/03_chsh_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/config/etc/group
diff --git a/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow b/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow
diff --git a/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd b/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd
diff --git a/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow b/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow
diff --git a/tests/chsh/03_chsh_usage_invalid_option/data/usage.out b/tests/chsh/03_chsh_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..e930bab
--- /dev/null
+++ b/tests/chsh/03_chsh_usage_invalid_option/data/usage.out
@@ -0,0 +1,8 @@
+chsh: invalid option -- 'Z'
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/chsh/04_chsh_usage_2_users/chsh.test b/tests/chsh/04_chsh_usage_2_users/chsh.test
new file mode 100755
index 0000000..ef1c181
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh displays its usage message is case multiple users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chsh with 2 users (chsh -s /bin/sh root bin)..."
+chsh -s /bin/sh root bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/04_chsh_usage_2_users/config.txt b/tests/chsh/04_chsh_usage_2_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/config.txt
diff --git a/tests/chsh/04_chsh_usage_2_users/config/etc/group b/tests/chsh/04_chsh_usage_2_users/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/config/etc/group
diff --git a/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow b/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow
diff --git a/tests/chsh/04_chsh_usage_2_users/config/etc/passwd b/tests/chsh/04_chsh_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/config/etc/passwd
diff --git a/tests/chsh/04_chsh_usage_2_users/config/etc/shadow b/tests/chsh/04_chsh_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/config/etc/shadow
diff --git a/tests/chsh/04_chsh_usage_2_users/data/usage.out b/tests/chsh/04_chsh_usage_2_users/data/usage.out
new file mode 100644
index 0000000..ef576ec
--- /dev/null
+++ b/tests/chsh/04_chsh_usage_2_users/data/usage.out
@@ -0,0 +1,7 @@
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test b/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test
new file mode 100755
index 0000000..4844266
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/sh"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/config.txt b/tests/chsh/05_chsh_myuser_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/config.txt
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/chsh/05_chsh_myuser_restricted_shell/run.exp b/tests/chsh/05_chsh_myuser_restricted_shell/run.exp
new file mode 100755
index 0000000..1abf085
--- /dev/null
+++ b/tests/chsh/05_chsh_myuser_restricted_shell/run.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "You may not change the shell for 'myuser'.\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test b/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test
new file mode 100755
index 0000000..d8d88ac
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/sh"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt b/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..d52a3bf
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd b/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp b/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp
new file mode 100755
index 0000000..0c0e023
--- /dev/null
+++ b/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/07_chsh_usage_invalid_user/chsh.test b/tests/chsh/07_chsh_usage_invalid_user/chsh.test
new file mode 100755
index 0000000..5d76de2
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh checks that the user exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chsh for an invalid user (chsh wronguser)..."
+chsh wronguser 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/07_chsh_usage_invalid_user/config.txt b/tests/chsh/07_chsh_usage_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/config.txt
diff --git a/tests/chsh/07_chsh_usage_invalid_user/config/etc/group b/tests/chsh/07_chsh_usage_invalid_user/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/config/etc/group
diff --git a/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow b/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow
diff --git a/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd b/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd
diff --git a/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow b/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow
diff --git a/tests/chsh/07_chsh_usage_invalid_user/data/usage.out b/tests/chsh/07_chsh_usage_invalid_user/data/usage.out
new file mode 100644
index 0000000..f57326c
--- /dev/null
+++ b/tests/chsh/07_chsh_usage_invalid_user/data/usage.out
@@ -0,0 +1 @@
+chsh: user 'wronguser' does not exist
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test b/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test
new file mode 100755
index 0000000..611d1a6
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt b/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd b/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp b/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test b/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test
new file mode 100755
index 0000000..6248780
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo /tmp/bash >> /etc/shells
+echo -n "execute chsh..."
+su myuser -c "./run.exp /tmp/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt b/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd b/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp b/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test b/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
new file mode 100755
index 0000000..7dd4642
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /tmp/bash' 0
+
+change_config
+
+chmod a+w tmp
+
+echo /tmp/bash >> /etc/shells
+cp /bin/bash /tmp/bash
+chmod a-x /tmp/bash
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /tmp/bash"
+echo "OK"
+rm -f /tmp/bash
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd b/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp b/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/11_chsh_auth_failure/chsh.test b/tests/chsh/11_chsh_auth_failure/chsh.test
new file mode 100755
index 0000000..dda9bc6
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh checks password for non root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/11_chsh_auth_failure/config.txt b/tests/chsh/11_chsh_auth_failure/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/config.txt
diff --git a/tests/chsh/11_chsh_auth_failure/config/etc/group b/tests/chsh/11_chsh_auth_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/11_chsh_auth_failure/config/etc/gshadow b/tests/chsh/11_chsh_auth_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/11_chsh_auth_failure/config/etc/passwd b/tests/chsh/11_chsh_auth_failure/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/11_chsh_auth_failure/config/etc/shadow b/tests/chsh/11_chsh_auth_failure/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/11_chsh_auth_failure/config/etc/shells b/tests/chsh/11_chsh_auth_failure/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/chsh/11_chsh_auth_failure/data/passwd b/tests/chsh/11_chsh_auth_failure/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/11_chsh_auth_failure/run.exp b/tests/chsh/11_chsh_auth_failure/run.exp
new file mode 100755
index 0000000..67e3455
--- /dev/null
+++ b/tests/chsh/11_chsh_auth_failure/run.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "wrong pass\r"
+expect "chsh: PAM: Authentication failure\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/chsh/12_chsh_warning_missing_shell/chsh.test b/tests/chsh/12_chsh_warning_missing_shell/chsh.test
new file mode 100755
index 0000000..de12b13
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/chsh.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change shell to a missing shell (chsh -s /tmp/bash bin)..."
+chsh -s /tmp/bash bin 2>tmp/chsh.err
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "usage message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config.txt b/tests/chsh/12_chsh_warning_missing_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config.txt
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config/etc/group b/tests/chsh/12_chsh_warning_missing_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow b/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh b/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd b/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow b/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells b/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err b/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err
new file mode 100644
index 0000000..7801a16
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err
@@ -0,0 +1 @@
+chsh: Warning: /tmp/bash does not exist
diff --git a/tests/chsh/12_chsh_warning_missing_shell/data/passwd b/tests/chsh/12_chsh_warning_missing_shell/data/passwd
new file mode 100644
index 0000000..7e745d9
--- /dev/null
+++ b/tests/chsh/12_chsh_warning_missing_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/tmp/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/13_chsh_warning_non_executable/chsh.test b/tests/chsh/13_chsh_warning_non_executable/chsh.test
new file mode 100755
index 0000000..c98bad7
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/chsh.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /tmp/bash' 0
+
+change_config
+
+cp /bin/bash /tmp/bash
+chmod a-x /tmp/bash
+
+echo -n "Change shell to a missing shell (chsh -s /tmp/bash bin)..."
+chsh -s /tmp/bash bin 2>tmp/chsh.err
+echo "OK"
+rm -f /tmp/bash
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "usage message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/13_chsh_warning_non_executable/config.txt b/tests/chsh/13_chsh_warning_non_executable/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config.txt
diff --git a/tests/chsh/13_chsh_warning_non_executable/config/etc/group b/tests/chsh/13_chsh_warning_non_executable/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow b/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh b/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd b/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow b/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/chsh/13_chsh_warning_non_executable/config/etc/shells b/tests/chsh/13_chsh_warning_non_executable/config/etc/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/chsh/13_chsh_warning_non_executable/data/chsh.err b/tests/chsh/13_chsh_warning_non_executable/data/chsh.err
new file mode 100644
index 0000000..4a87ec2
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/data/chsh.err
@@ -0,0 +1 @@
+chsh: Warning: /tmp/bash is not executable
diff --git a/tests/chsh/13_chsh_warning_non_executable/data/passwd b/tests/chsh/13_chsh_warning_non_executable/data/passwd
new file mode 100644
index 0000000..7e745d9
--- /dev/null
+++ b/tests/chsh/13_chsh_warning_non_executable/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/tmp/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/chsh/14_chsh_locked_passwd/chsh.test b/tests/chsh/14_chsh_locked_passwd/chsh.test
new file mode 100755
index 0000000..c41e1eb
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/chsh.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change shell (chsh -s /bin/bash bin)..."
+chsh -s /bin/bash bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/14_chsh_locked_passwd/config.txt b/tests/chsh/14_chsh_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/config.txt
diff --git a/tests/chsh/14_chsh_locked_passwd/config/etc/group b/tests/chsh/14_chsh_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow b/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/14_chsh_locked_passwd/config/etc/passwd b/tests/chsh/14_chsh_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/chsh/14_chsh_locked_passwd/config/etc/shadow b/tests/chsh/14_chsh_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/chsh/14_chsh_locked_passwd/data/chsh.err b/tests/chsh/14_chsh_locked_passwd/data/chsh.err
new file mode 100644
index 0000000..c5ebce9
--- /dev/null
+++ b/tests/chsh/14_chsh_locked_passwd/data/chsh.err
@@ -0,0 +1,2 @@
+chsh: existing lock file /etc/passwd.lock without a PID
+chsh: cannot lock /etc/passwd; try again later.
diff --git a/tests/chsh/15_chsh_PAM_error/chsh.test b/tests/chsh/15_chsh_PAM_error/chsh.test
new file mode 100755
index 0000000..c900e0c
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/chsh.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh warns when the chsh PAM configuration is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the PAM configuration (/etc/pam.d/chsh /etc/pam.d/other)..."
+rm -f /etc/pam.d/chsh /etc/pam.d/other
+echo OK
+
+echo -n "Change shell (chsh -s /bin/bash bin)..."
+chsh -s /bin/bash bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/chsh/15_chsh_PAM_error/config.txt b/tests/chsh/15_chsh_PAM_error/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config.txt
diff --git a/tests/chsh/15_chsh_PAM_error/config/etc/group b/tests/chsh/15_chsh_PAM_error/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/chsh/15_chsh_PAM_error/config/etc/gshadow b/tests/chsh/15_chsh_PAM_error/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh b/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other b/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/chsh/15_chsh_PAM_error/config/etc/passwd b/tests/chsh/15_chsh_PAM_error/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/chsh/15_chsh_PAM_error/config/etc/shadow b/tests/chsh/15_chsh_PAM_error/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/chsh/15_chsh_PAM_error/data/chsh.err b/tests/chsh/15_chsh_PAM_error/data/chsh.err
new file mode 100644
index 0000000..5c039d5
--- /dev/null
+++ b/tests/chsh/15_chsh_PAM_error/data/chsh.err
@@ -0,0 +1 @@
+chsh: PAM: Critical error - immediate abort