summaryrefslogtreecommitdiffstats
path: root/TODO
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:50:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:50:00 +0000
commit333f7ecfa3e040191c66b2b92f6c117ca2cbac1d (patch)
tree178a8f140927896970f47930dae9213161268f10 /TODO
parentInitial commit. (diff)
downloadshadow-upstream.tar.xz
shadow-upstream.zip
Adding upstream version 1:4.8.1.upstream/1%4.8.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--TODO127
1 files changed, 127 insertions, 0 deletions
diff --git a/TODO b/TODO
new file mode 100644
index 0000000..5cfa252
--- /dev/null
+++ b/TODO
@@ -0,0 +1,127 @@
+ * Create a common usage function that'd take the array of
+ long options and an array of descriptions and output that so things would
+ be standardized across the utils.
+ Usage strings should be normalized and split first.
+ Investigate optparse.
+
+
+/etc/default/useradd
+ * GROUP=1000 should accept a group name.
+
+Check when RLOGIN is enabled if ruserok() exists
+
+Move selinux_file_context out of libmisc/copydir.c
+
+Review hardcoded root account?
+
+review all call to strto
+
+libmisc/cleanup_user.c
+ cleanup needed (cleanup_report_add_user* not used)
+
+
+libxcrypt support
+ * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch
+
+implement getlong, getulong.
+ avoid atoi, atol, atoul, strtol, strtoul, ...
+
+manpages: comment the RLOGIN parts
+
+Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
+comma_to_list()
+
+Revert the modified files if all files could not be changed.
+ * or warn and indicate which files were modified and which were not.
+ * check the order the files are modified.
+
+report nscd_flush_cache failures?
+call nscd from the programs or from lib (commonio?)
+
+PAM: check if a non-interactive conversation function could be used to set
+the password in chpasswd and newusers
+
+WITH_SELINUX
+ - review all tools to check that the strategies are consistent
+
+chage, chfn, chsh: same change needed as in passwd.
+ - probably need moving check_selinux_access to a separate file.
+
+testsuite
+ - newgrp
+ - test with unknown user's GID
+
+newusers
+ - add logging to SYSLOG & AUDIT
+ - use CREATE_HOME
+ - Add a -Z option (see useradd / usermod)
+
+Document when/where option appeared, document whether an option is standard
+or not.
+
+Check all the expiry semantics
+
+ALL:
+- move base passwd/shadow/group/gshadow operation to module for allow write
+ different backend modules for db, NIS, LDAP and others. Default backend it
+ will be goot if will be chosen depending on /etc/nsswitch.conf and allow
+ override this by -r <repository> options (where the <repository> can be
+ file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
+ passwd have old piece of code with handling -r option and it will be good
+ finish this and propagate on other shadow tools for allow operate on other
+ user databases by well known tools.
+- Protect against signals. Register do_cleanups in a signal handler.
+
+- login.defs
+ - generate depending on configuration
+
+- useradd:
+ - add handle create user mail spool in maildir format.
+ - Add support for -k in -D mode
+ - Add support for -K in -D mode
+ - Add option to create or not the mail spool (and set the default in -D
+ mode)
+ - Change -l to reset the entry if an entry was already there
+ - set the mask in mkdir?
+
+- userdel:
+ - add backup option for the removal of user resources,
+ - user_busy: check that the user is not running any processes.
+ - missing "deleting group" FAILED
+ - home dir removed, but userdel may fail and may leave the user
+ => warning needed
+
+- usermod
+ - add an option equivalent to useradd's -l (only when uid is changed)
+ - the mode of new home directories should be set according to the
+ original mode. Does copy_tree does this?
+ - user renamed, order is not kept in /etc/group (see
+ 47_usermod-l_no_shadow_file). This is a problem when the first user is
+ considered as the admin.
+ - see mail "user ID change" on April, 15
+ + fix call to chown (combination of -m and -u/-g)
+ + add tests
+
+- passwd:
+ - check combination of options (e.g. -u/-l)
+ - when -u refuse to unlock because it would create an empty password, it
+ should not display "Password changed."
+ exit instead?
+
+- newgrp: check the USE_PAM section.
+
+- pwck
+ - Add check to move passwd passwords to shadow if there is a shadow
+ entry (with a password).
+ - Add check to move passwd passwords to shadow if there is a shadow
+ file.
+ - Support an alternative /etc/tcb directory as second parameter.
+ - add options -g / -G to specify alternative group / gshadow files
+
+- su
+ - add a login.defs configuration parameter to add variables to keep in
+ the environment with "su -l" (TERM/TERMCOLOR/...)
+
+- vipw
+ - set ACLs and XATTRs on the temporary file (and backups?)
+ - vipw + selinux -> use lib/selinux.c