author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:50:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:50:00 +0000 |
commit | 333f7ecfa3e040191c66b2b92f6c117ca2cbac1d (patch) | |
tree | 178a8f140927896970f47930dae9213161268f10 /TODO | |
parent | Initial commit. (diff) | |
Adding upstream version 1:4.8.1. upstream/1%4.8.1 upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | TODO | 127 |
1 files changed, 127 insertions, 0 deletions
@@ -0,0 +1,127 @@ + * Create a common usage function that'd take the array of + long options and an array of descriptions and output that so things would + be standardized across the utils. + Usage strings should be normalized and split first. + Investigate optparse. + + +/etc/default/useradd + * GROUP=1000 should accept a group name. + +Check when RLOGIN is enabled if ruserok() exists + +Move selinux_file_context out of libmisc/copydir.c + +Review hardcoded root account? + +review all call to strto + +libmisc/cleanup_user.c + cleanup needed (cleanup_report_add_user* not used) + + +libxcrypt support + * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch + +implement getlong, getulong. + avoid atoi, atol, atoul, strtol, strtoul, ... + +manpages: comment the RLOGIN parts + +Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by +comma_to_list() + +Revert the modified files if all files could not be changed. + * or warn and indicate which files were modified and which were not. + * check the order the files are modified. + +report nscd_flush_cache failures? +call nscd from the programs or from lib (commonio?) + +PAM: check if a non-interactive conversation function could be used to set +the password in chpasswd and newusers + +WITH_SELINUX + - review all tools to check that the strategies are consistent + +chage, chfn, chsh: same change needed as in passwd. + - probably need moving check_selinux_access to a separate file. + +testsuite + - newgrp + - test with unknown user's GID + +newusers + - add logging to SYSLOG & AUDIT + - use CREATE_HOME + - Add a -Z option (see useradd / usermod) + +Document when/where option appeared, document whether an option is standard +or not. + +Check all the expiry semantics + +ALL: +- move base passwd/shadow/group/gshadow operation to module for allow write + different backend modules for db, NIS, LDAP and others. 
Default backend it + will be goot if will be chosen depending on /etc/nsswitch.conf and allow + override this by -r <repository> options (where the <repository> can be + file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column). + passwd have old piece of code with handling -r option and it will be good + finish this and propagate on other shadow tools for allow operate on other + user databases by well known tools. +- Protect against signals. Register do_cleanups in a signal handler. + +- login.defs + - generate depending on configuration + +- useradd: + - add handle create user mail spool in maildir format. + - Add support for -k in -D mode + - Add support for -K in -D mode + - Add option to create or not the mail spool (and set the default in -D + mode) + - Change -l to reset the entry if an entry was already there + - set the mask in mkdir? + +- userdel: + - add backup option for the removal of user resources, + - user_busy: check that the user is not running any processes. + - missing "deleting group" FAILED + - home dir removed, but userdel may fail and may leave the user + => warning needed + +- usermod + - add an option equivalent to useradd's -l (only when uid is changed) + - the mode of new home directories should be set according to the + original mode. Does copy_tree does this? + - user renamed, order is not kept in /etc/group (see + 47_usermod-l_no_shadow_file). This is a problem when the first user is + considered as the admin. + - see mail "user ID change" on April, 15 + + fix call to chown (combination of -m and -u/-g) + + add tests + +- passwd: + - check combination of options (e.g. -u/-l) + - when -u refuse to unlock because it would create an empty password, it + should not display "Password changed." + exit instead? + +- newgrp: check the USE_PAM section. + +- pwck + - Add check to move passwd passwords to shadow if there is a shadow + entry (with a password). 
+ - Add check to move passwd passwords to shadow if there is a shadow + file. + - Support an alternative /etc/tcb directory as second parameter. + - add options -g / -G to specify alternative group / gshadow files + +- su + - add a login.defs configuration parameter to add variables to keep in + the environment with "su -l" (TERM/TERMCOLOR/...) + +- vipw + - set ACLs and XATTRs on the temporary file (and backups?) + - vipw + selinux -> use lib/selinux.c |
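Review bot: the entry "review all call to strto" near the top of the new TODO is cut off mid-identifier and overlaps the later entry "implement getlong, getulong. avoid atoi, atol, atoul, strtol, strtoul, ..."; merge the two into one item that names the wrappers and the calls they replace, and drop "atoul", which is not a standard C function. In the ALL section, "Protect against signals. Register do_cleanups in a signal handler." should say that whatever the handler runs has to be restricted to async-signal-safe operations, otherwise the item invites a fix that is unsafe in a different way. The two pwck entries "Add check to move passwd passwords to shadow if there is a shadow entry (with a password)." and "Add check to move passwd passwords to shadow if there is a shadow file." differ only in their condition and should be merged or explicitly distinguished. Smaller points: "goot" in the backend paragraph is a typo for "good", "Does copy_tree does this?" under usermod should read "Does copy_tree do this?", and the libxcrypt reference is a plain http:// link to a patch, so anyone acting on that item should fetch and verify it over an authenticated channel.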